Instructor Course Overview


The WL419 course teaches students how to design, configure and use the
security features of wireless network devices in order to obtain a
security level that matches predetermined enterprise requirements.


Course Strategy 


This course is a formal classroom course without exercises or 
checking questions. 


The course explains why security should be considered as a global 
requirement, not only the juxtaposition of several security 
technologies. On top of that it explains how to go from the security 
requirements to the choice of some security policies, technical 
requirements and hardware settings. 


The first module indicates what an end to end security concept is and 
how it should be implemented in the enterprise world. 


The second and third modules explain the network and enterprise 
objects that are related to security in the enterprise information 
system. The course indicates here that the difficulty is related to the 
structure of the network in the wireless world. Actually, in this world 
there are many types of devices, each with its own vulnerabilities, and 
also a constantly evolving network. The course also explains the 
various Enterprise Services technologies and protocols that can be 
used to perform such an end to end security. 


The fourth module describes how and why to qualify the value and the
security properties of all the objects within the enterprise.


The fifth module explains how to define and set the enterprise 
boundaries. 


The sixth module indicates what a security policy is and how to define 
it for a wireless network. 

The seventh module describes the deployment and management
aspects related to these technology choices.


And finally, the eighth module explains how to verify that there is no
deviation from the processes that have been set.

Course Description


Wireless End to End Security


Duration: 2 days


Purpose


This course defines what end to end security is, applied to a
wireless network. It focuses mainly on the various classes of devices
involved in the network and the security policies that should be applied
to them.


Additionally, this course provides an overview of some technologies
used outside the enterprise world.


Audience


* Anyone involved in the definition of the security policies of the
enterprise:


* A chief security officer, an Information Systems architect or a
network manager.


Prerequisites


For maximum efficiency of this course, it is recommended to have
previously attended the WL18 course.


However, it is possible for people with a good knowledge of network
technology and security practices to attend this course.


Objectives


Upon completion of this course, you will:


* Know the terminology employed in wireless security,


* Know the various categories of equipment used in the wireless
network and their vulnerabilities,


* Be able to identify the security criteria important for the application
of your enterprise security policy,


* Be able to establish, deploy and manage an enterprise security
policy.


Contents 


* Introduction
* The security vocabulary
* The network objects related to security
* The enterprise objects related to security, and their value for the
enterprise (information, processes, performance and availability
properties)
* The control zone definition
* The security policy definition
* The security policy deployment
* The enterprise network and information systems surveillance


Agenda


Day 1
* (01:30) Introduction, security vocabulary
* (01:30) The network objects related to security
* (01:30) The enterprise objects related to security
* (01:30) The value of objects for the enterprise (information,
processes, performance and availability properties)


Day 2
* (01:00) The control zone definition
* (02:00) The security policy definition
* (02:00) The security policy deployment
* (01:00) The enterprise network and information systems
surveillance

Figure 0-1. Wireless End to End Security WL191.0
Figure 0-2. Objectives WL191.0
Figure 0-3. Course structure WL191.0
Figure 0-4. Course start WL191.0

0-8 Wireless end to end security © Copyright IBM Corp. 2003 


Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 


Instructor Guide 





Unit 1. Introduction, security vocabulary


What This Unit Is About 


This unit focuses on the definition of the problem.
To that end, it defines the different concepts to be used.


The main topic of this unit is to explain to the audience that security
should not be considered as an aggregation of techniques, but as the
whole functional requirement of an information system.


What You Should Be Able to Do


After completing this unit, you should be able to:


* Define precisely the end to end security problem in the wireless
world with the right words.


* Explain why the most important thing is to consider the whole
system, even if everything is physically moving in the wireless
world.

Welcome to:


WL19


Wireless End to End Security


Unit 1: Introduction, security vocabulary


Figure 1-1. WL19 WL191.0


Notes: 


WL419 unit 1 introduces the security vocabulary. 


Many terms are currently used in discussions, such as a firewall, a hacker, authentication, 
privacy, but is their meaning really understood? 


This unit gives the basic definition of the wording, but also the definition that applies in the 
context of an Information system. 

Instructor Notes:

Purpose — 

Introduce the security vocabulary 
Details — 


WL419 unit 1 introduces the security vocabulary. 


Many terms are currently used in discussions, such as a firewall, a hacker, authentication, 
privacy, but is their meaning really understood? 


This unit gives the basic definition of the wording, but also the definition that applies in the 
context of an Information system. 


Trust, access control, confidentiality, accountability, availability, encryption, integrity,
virus, worm, hoax, exploit are also defined, but the unit would be excessively huge if all
security terms were defined there. Additional concepts are defined all along the course.


Additional Information — 
Transition Statement — 


Next slide introduces the objectives of this unit 

Objectives


After completing this unit, you should be able to: 


* Define precisely the end to end security problem in 
the wireless world with the right words. 


* Explain why the most important thing is to consider 
the whole system, even if everything is physically 
moving in the wireless world. 





Figure 1-2. Objectives WL191.0 


Notes: 


What you should be able to do after completing this unit as part of the WL19 course: 


* Define precisely the end to end security problem in the wireless world with the right
words.


* Explain why the most important thing is to consider the whole system, even if everything
is physically moving in the wireless world.










Instructor Notes: 

Purpose — 

Objectives. 

Details — 

What you should be able to do after completing this unit as part of the WL19 course: 


* Define precisely the end to end security problem in the wireless world with the right
words.


* Explain why the most important thing is to consider the whole system, even if everything
is physically moving in the wireless world.


Additional Information — 
Transition Statement — 
Next slide lists the contents of this unit. 

Contents

* Firewall:
  * What is it?
  * How do we manage it?
* Hacker.
* Authentication.
* Privacy.
* Trust.
* Access control.
* Confidentiality.
* Accountability:
  * What is it?
  * Trusted transaction.
* Availability:
  * What is it?
  * 802.11 channels.
  * Denial of service.
* Encryption.
* Integrity.
* Virus:
  * What is it?
  * Virus example.
  * Virus avoidance.
* Worm:
  * What is it?
  * Worm example.
* Hoax.
* Exploit:
  * What is it?
  * Exploit example 1.
  * Exploit example 2.
* WLAN security glossary.
* End to end security.

Figure 1-3. Contents WL191.0
Notes: 


This slide is a list corresponding to the next slides that cover the objectives of this unit. It 
can be kept as a reference to quickly retrieve a definition. 

Instructor Notes:

Purpose — 

Contents 

Details — 

This is the table of contents of this unit. It is duplicated at the end as a summary.
Additional Information — 

Transition Statement — 

Let's go to the definitions and principles. 

Firewall





Firewall: A fireproof wall used as a barrier to prevent the spread 
of fire. 

A process used to prevent external intruders from accessing 
private networking domains. 





Public domain Firewall Private domain 








Figure 1-4. Firewall WL191.0 


Notes: 


In the computer world, a firewall is a process used to prevent external intruders from 
accessing private networking domains. 

Instructor Notes:
Purpose — 

Definition of a firewall. 
Details — 


Intruders are compared to a fire that destroys the domain in which it is spread. A firewall is 
an efficient protection, but it has limitations. 


An intruder may be a user trying to enter a reserved domain; it can also be a program or a
set of data.


Millions of computers are connected to the Internet, and the number increases daily. When 
you connect to the Internet, you can connect with millions of other computers and those 
computers can connect with your computer. Unprotected connections to the Internet can 
leave your computer open to hacker attacks, viruses, Trojan horses, offensive Web sites, 
and many other Internet threats. 


Additional Information — 


IBM uses Symantec firewall to protect user laptops. 


Symantec Desktop Firewall can help you track everything that happens on
your computer. It monitors the Internet to give you peace of mind when
you are online. It helps protect your security and your privacy.


Transition Statement — 


Next slide shows you what happens when a program is attempting to pass the barrier, and 
tells you how to configure the firewall. 

Firewall


The firewall needs instructions from the user to protect him.


Any attempt from an application either to exit or to enter a user
system is detected and generates an Alert.


The user must then carefully configure the acceptance rule or
block the application.


[Screenshot: Symantec Desktop Firewall ALERT dialog]


Symantec Desktop Firewall has detected that Application x is
attempting to access the Internet.


Details
Application: C:\...\ Applic_x.exe
Time: 23/07/2003 09:54:31


Before Application x can access the Internet, you must tell Symantec
Desktop Firewall how you would like it to handle this application.


* Block this network communication this time.
* Permit this network communication this time.


If you receive multiple alerts from an application, you should configure a rule
or shut down the application.


Figure 1-5. Firewall WL191.0


Notes: 


The firewall needs instructions from the user to protect him. 


Any attempt from an application either to exit or to enter a user system is detected and 
generates an Alert. 


The user must then carefully configure the acceptance rule or block the application. 

Instructor Notes:
Purpose — 
Configuring the firewall. 
Details — 


Symantec Desktop Firewall includes Symantec Desktop Firewall and Privacy Control. 
Together, they monitor the Internet to give you peace of mind when you are online. 
Symantec Desktop Firewall protects your security and Privacy Control protects your 
personal information. 


Symantec Desktop Firewall provides a barrier called a firewall between your computer and 
the Internet. Firewall programs are filters that block or allow connections and data 
transmissions on the Internet. By filtering connections and information, firewalls protect you 
from malicious Internet content. 


Symantec Desktop Firewall automatically filters most content for you. It automatically 
determines the best way to protect many popular applications. When an application that 
Symantec Desktop Firewall does not recognize attempts to communicate over the Internet, 
Symantec Desktop Firewall alerts you, and the Firewall Rule Assistant helps you create a 
new rule. 


Other firewalls work the same way. 
Additional Information — 


What the instructor can read to ask additional questions or to better understand the subject 


Transition Statement — 

Hacker


Hacker: An individual who illegally gains access to an electronic system, 
using clever tricks. 





Public domain Firewall Private domain 






* Intrusion
* Impersonation
* Man in the Middle
* Usage of weakness
* Data capture








Figure 1-6. Hacker WL191.0 


Notes: 


Hacker: An individual who illegally gains access to an electronic system, using clever 
tricks. 


The hacker may be somebody from the external world, as well as somebody from the 
enterprise itself. 


He is an expert in system vulnerabilities and knows the tools to perform any kind of attack:
* Intrusion
* Impersonation
* Man in the Middle
* Usage of weakness
* Data capture

Instructor Notes:
Purpose — 
Definition of a hacker. 
Details — 


Here we define the "bad guy", the pirate hacker who uses sophisticated tools to illegally
access systems and conduct passive or active attacks. In unit 8 we will present the "Ethical
hacker" as a remedy against the "pirate hacker" and other insanities.


Additional Information — 
The Threat from Within 


Traditionally, in network deployment, security measures have been focused on blocking 
external hackers from gaining access to the enterprise. But attackers may not necessarily 
come from outside the organization. The use of WLANs within the enterprise can expose 
corporate data to anyone with suitable equipment either outside or inside the organization. 


Therefore network managers need to assess the new risks from within. The internal risk 
may in fact be caused by employees taking inadvertent steps to improve their business 
needs, however malicious intent should not be disregarded. Some employees, driven by 
mobility, decreasing prices and ease of installation may introduce new unauthorized 
access points. 


Indeed, the City of London survey found a surprising number of the cheaper non-enterprise 
access points deployed which would confirm this point. 


The risk here is that these ad-hoc network additions offer a backdoor into the enterprise 
allowing a suitably equipped individual to reconfigure poorly or wrongly configured access 
points for curiosity purposes or malicious intent. 


Transition Statement — 

Authentication


Authentication: Verification of the identity of a user or the user's
eligibility to access an object. A process used to verify the integrity of
transmitted data, especially a message.


Diagram labels: User's authentication; Server's authentication; Mutual authentication; Applications


* User id / Password
* Key exchange
* Challenge-response
* Biometry, etc.


* User id / Password
* Key exchange
* Challenge-response


Figure 1-7. Authentication WL191.0


Notes: 


Authentication: 


Verification of the identity of a user or the user's eligibility to access an object. A process
used to verify the integrity of transmitted data, especially a message.


Authentication is the process used to verify that an entity, presented as "name x" is really 
"name x". 

Instructor Notes:
Purpose — 

Definition of the authentication. 
Details — 


Authentication is used each time a secure connection is established between two entities.
It is important to authenticate both ends to each other before revealing secrets; otherwise a
rogue server could impersonate the regular server and capture secret user data for
malicious reuse.


Additional Information — 


Because radio waves can be eavesdropped and data captured, it is important to never
exchange keys over a wireless link.


Keys are traditionally combined with a random number on both sides.


Only the random number and a resulting value are sent on the radio waves, making
retrieval of the key impossible and the next authentication sequence unpredictable.
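

The exchange described above, shown as an added example that is not part of the original course material: each end combines a pre-shared key with the other end's random number, and only the random numbers and the resulting values cross the link. HMAC-SHA256 as the combining function, the direction labels and all function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Direction labels are an assumption of this example: binding each answer to a
# direction stops one side's answer being reflected back as the other side's.
CLIENT_TO_SERVER = b"client->server"
SERVER_TO_CLIENT = b"server->client"


def new_challenge() -> bytes:
    """Fresh 128-bit random number; a new one per attempt defeats replay."""
    return secrets.token_bytes(16)


def respond(key: bytes, direction: bytes, challenge: bytes) -> bytes:
    """Combine the shared key with the peer's random number (HMAC-SHA256)."""
    return hmac.new(key, direction + challenge, hashlib.sha256).digest()


def check(key: bytes, direction: bytes, challenge: bytes, answer: bytes) -> bool:
    """Recompute the expected answer locally and compare in constant time."""
    return hmac.compare_digest(respond(key, direction, challenge), answer)


def mutual_handshake(client_key: bytes, server_key: bytes):
    """Simulate both ends; returns (server_accepts, client_accepts, on_air)."""
    on_air = []  # everything an eavesdropper on the radio link would capture

    server_challenge = new_challenge()
    client_challenge = new_challenge()
    on_air += [server_challenge, client_challenge]

    client_answer = respond(client_key, CLIENT_TO_SERVER, server_challenge)
    server_answer = respond(server_key, SERVER_TO_CLIENT, client_challenge)
    on_air += [client_answer, server_answer]

    server_accepts = check(server_key, CLIENT_TO_SERVER, server_challenge, client_answer)
    client_accepts = check(client_key, SERVER_TO_CLIENT, client_challenge, server_answer)
    return server_accepts, client_accepts, on_air


if __name__ == "__main__":
    shared = secrets.token_bytes(32)  # constructed key, provisioned out of band
    ok_server, ok_client, air = mutual_handshake(shared, shared)
    print("legitimate pair:", ok_server, ok_client, "| key on air:", shared in air)

    rogue = secrets.token_bytes(32)   # a rogue server does not hold the key
    print("rogue server:", mutual_handshake(shared, rogue)[:2])

    # An answer captured earlier is useless against a fresh challenge.
    old_challenge = new_challenge()
    captured = respond(shared, CLIENT_TO_SERVER, old_challenge)
    print("replay accepted:", check(shared, CLIENT_TO_SERVER, new_challenge(), captured))
```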


Transition Statement — 

Privacy


Privacy: The condition of being secluded from others. (Individual secrecy).


Diagram labels: Biometric access control; Employees personal data; Company restricted data; Applications; Specific applications; Inputs / Outputs


Figure 1-8. Privacy WL191.0


Notes: 


Privacy is the respectful usage of personal information. 

Instructor Notes:
Purpose — 

Definition of the privacy. 
Details — 


You may not want confidential information, such as credit card numbers, your home phone 
number, and so on, to be sent un-encrypted over the Internet. 


Privacy prevents confidential information from being entered on non-secured Web sites. 


Additional Information — 


Privacy protection by firewalls: 


Chances are you have a lot of personal information stored on your PC, including 
credit-card numbers, online banking details, and confidential financial data. 


That's why the "Privacy Control" service offered by firewalls allows you to designate key 
information that should be protected from unsecured Web sites. It also prevents Web 
servers from retrieving your E-mail address without your permission, or tracking your online 
activities through cookies. 


Confidential information, such as credit-card numbers, can be blocked from insecure Web 
sites. 


Web sites use cookies to track your visits. You can block cookie responses when Web sites 
ask for them. 


Firewalls that offer this service will prevent your browser from sending your E-mail address
and the address of the last site you visited without your permission.


Transition Statement — 
Distinguish between Authentication, Privacy, Trust, etc.

Trust


Trust: Firm reliance on the integrity or ability of a person or thing.


Authenticated entities must be trusted 


System administrator 

Every company employee 
Designated servers 

Proven applications 

Wireless devices 

Point of Sales (electronic payments) 
Cookies from selected Web sites 


Firewalls must be configured to block access to untrusted entities: applications 
or data download. 


Limited data exchanges are possible with untrusted devices. 





Figure 1-9. Trust WL191.0 


Notes: 


Trust is the state of confidence that is established with a person or with an entity. 

Instructor Notes:
Purpose — 

Definition of the "trust". 
Details — 


Basically, trust may have different meanings depending on the operation in which it is used. 


This slide defines the Trust as being the confidence in a person or in a process. 


A trusted system is a system that will never perform an invalid action. This supposes that it
is itself very well protected against viruses and any invader.


Additional Information — 


Considering operations, Trust is also the measure of confidence that can be placed on the 
predictable occurrence of an anticipated event, or an expected outcome of a process or 
activity. 


For business activities that rely on information technology (IT), trust is dependent on both 
the nature of the agreement between the participants and the correct and reliable operation 
of the IT solution. 


The reliance on computerized processes for personal, business, governmental, and legal 
functions is evolving into a dependency and a presumption (not to be confused with trust) 
that the processes, and the IT systems within which they execute, will function without flaw. 


Transition Statement — 


Access control needs to be able to trust the entities to which access is granted. 

Access control


Access control: The process to grant the right to
enter or make use of an entity.


Diagram labels: Application 3; Application 4; Application 5


Figure 1-10. Access control WL191.0


Notes: 


Access control: 


The process to grant the right to enter or make use of an entity.

Instructor Notes:
Purpose — 

Definition of Access control. 
Details — 


Like a personal house or an enterprise building, data is the property of someone. An 
enterprise needs to protect its assets, including the data, programs, processes, etc. 


As many people use information systems for various usages, data cannot be left free to be 
accessed by everyone. Access control is the way to restrict data access to those users who 
have the "need to know". 


Additional Information — 
Transition Statement — 
Access control and confidentiality are complementary concepts. 

Confidentiality


Confidentiality: State of being in confidence. Data confidentiality is 
restricted access to data. 

Figure 1-11. Confidentiality WL191.0


Notes: 


Confidentiality: State of being in confidence. Data confidentiality is restricted access to 
data. 

Instructor Notes:

Purpose — 

Definition of the confidentiality. 

Details — 

Confidentiality is the concept of keeping something away from public view.
Additional Information — 


Confidentiality needs access control. Confidential information can only be accessed by
people who have been given access to it. Confidentiality is different from privacy, which
refers to the usage of personal data, obviously confidential.


Transition Statement — 

Accountability (non repudiation)


Accountability: The state to be believable. Repudiation means rejection
of a specific act.


What can be repudiated?


* Sent messages
  I have never sent that...


* Received messages
  I have never received that...


* Used Resources
  I have never been connected with this to do that...


How to make an object accountable (non-repudiable)?

* Public Key cryptography
* Digital certificates
* Digital signature


Figure 1-12. Accountability (non repudiation) WL191.0


Notes:


Accountability: The state to be believable. Repudiation means rejection of a specific act. 

Instructor Notes:

Purpose — 

Definition of accountability and repudiation. 
Details — 


For centuries, shaking hands had the value of signature, and it was a serious damage to 
the honour to repudiate an agreed transaction. 


Today, honour probably still exists in most cases, but transactions have become more strict 
and official, based on regular documents. The hand written signature has become the tool 
to avoid repudiation, and for some acts, the accountability is brought by the action of an 
official person, acting as an officer for a public institution. 


Accountability is the concept to give to transactions a public value that cannot be denied. 
Repudiation is the rejection of a transaction. 


Additional Information — 
Transition Statement — 


The next slide shows how we produce an electronic "trusted transaction", accountable, and 
non repudiable by the author. 

Accountability (non repudiation)


Trusted transaction: A transaction guaranteed for its integrity. 

Figure 1-13. Accountability (non repudiation) WL191.0


Notes: 


A "trusted transaction" is an operation that cannot be repudiated by its author. This slide 
shows the example of an electronic document to which we attach an electronic signature. 


This accountability relies on the use of a Public key encryption, legally protected by a 
Certification authority. 

Instructor Notes:
Purpose — 
Details — 


The transaction is initially an electronic document. The first step consists of applying the
hash function to it to obtain the "hashed transaction" (see Hash function below). Then the Public
Key Infrastructure (PKI) is used to encrypt the hashed transaction with the private key of
the author. The encrypted result is then appended to the original document to produce the
"signed transaction", which has a legal value if the Certification authority that produces the
PKI is accredited.


In case of dispute on the validity of the document, the Certification authority can reproduce 
the process, starting from the original document, and certify that the signature was really 
done by the author. This prevents the repudiation. 
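

The steps above, carried through as an added example that is not part of the original course material: hash the document, transform the hash with the author's private key, append the result, then re-run the check as a verifier would in a dispute. It uses SHA-256 and textbook RSA without padding on a constructed toy key (two small Mersenne primes), which illustrates the mechanism only; the key, the sample document and all function names are assumptions of this example.

```python
import hashlib

# Constructed toy key pair: two Mersenne primes, far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # author's private exponent
SIG_LEN = (N.bit_length() + 7) // 8    # fixed signature width in bytes


def hashed_transaction(document: bytes) -> int:
    """Step 1: hash the document (SHA-256, reduced to fit the toy modulus)."""
    digest = hashlib.sha256(document).digest()
    return int.from_bytes(digest, "big") % N


def sign_transaction(document: bytes, d: int = D, n: int = N) -> bytes:
    """Steps 2 and 3: apply the private key to the hash, append it to the document."""
    signature = pow(hashed_transaction(document), d, n)
    return document + signature.to_bytes(SIG_LEN, "big")


def verify_transaction(signed: bytes, e: int = E, n: int = N) -> bool:
    """Dispute check: redo the hash and compare it with the public-key result."""
    if len(signed) < SIG_LEN:
        return False
    document, sig_bytes = signed[:-SIG_LEN], signed[-SIG_LEN:]
    signature = int.from_bytes(sig_bytes, "big")
    if signature >= n:                 # not a value the private key could produce
        return False
    return pow(signature, e, n) == hashed_transaction(document)


if __name__ == "__main__":
    order = b"Pay 100 EUR to account 12345"          # constructed sample document
    signed = sign_transaction(order)
    print("genuine transaction verifies:", verify_transaction(signed))

    # The author cannot repudiate the genuine order, and nobody can alter it
    # afterwards: changing one digit invalidates the appended signature.
    altered = b"Pay 900 EUR to account 12345" + signed[len(order):]
    print("altered transaction verifies:", verify_transaction(altered))
```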


Additional Information — 


Integer Hash Function 
Thomas Wang, Jan 1997. Last update Aug 2002. 


Abstract 


An integer hash function accepts an integer hash key, and returns an integer hash result 
with uniform distribution. In this article, we will be discussing the construction of integer 
hash functions. 


Introduction 


Hash table is an important data structure. All elementary data structure text books contain 
some algorithms of hash table. However, all too often the treatment of hash function is 
discussed as an after-thought. Thus examples abound in systems where the poor choice of 
the hash function resulted in inferior performance. 


Certainly the integer hash function is the most basic form of the hash function. The integer 
hash function transforms an integer hash key into an integer hash result. For a hash 
function, the distribution should be uniform. This implies when the hash result is used to 
calculate hash bucket address, all buckets are equally likely to be picked. In addition, 
similar hash keys should be hashed to very different hash results. Ideally, a single bit 
change in the hash key should influence all bits of the hash result. 


Hash Function Construction Principles 

A good mixing function must be reversible. A hash function has form h(x) -> y. If the input
word size and the output word size are identical, and in addition the operations in h() are 
reversible, then the following properties are true. 


1. If h(x1) == y1, then there is an inverse function h_inverse(y1) == x1 


2. Because the inverse function exists, there cannot be a value x2 such that x1 != x2, and 
h(x2) == y1. 


The case of h(x1) == y1, and h(x2) == y1 is called a collision. Using only reversible 
operations in a hash function makes collisions impossible. 


Beside reversibility, the operations must use a chain of computations to achieve avalanche. 
Avalanche means that a single bit of difference in the input will make about 1/2 of the 
output bits be different. At a point in the chain, a new result is obtained by a computation 
involving earlier results. 


For example, the operation a = a + b is reversible if we know the value of 'b', and the after
value of 'a'. The before value of 'a' is obtained by subtracting the after value of 'a' with the
value of 'b'.


Knuth's Multiplicative Method 


In Knuth's "The Art of Computer Programming", section 6.4, a multiplicative hashing
scheme is introduced as a way to write hash function. The key is multiplied by the golden
ratio of 2^32 (2654435761) to produce a hash result.


Since 2654435761 and 2^32 have no common factors, the multiplication
produces a complete mapping of the key to hash result with no overlap. This method works
pretty well if the keys have small values. Bad hash results are produced if the keys vary in
the upper bits. As is true in all multiplications, variations of upper digits do not influence the
lower digits of the multiplication result.


As a work around, one possible solution would be to multiply with different prime numbers, 
each time with the key's bit orders reversed. This will ensure we will scramble the bits 
sufficiently. However, the performance will be slowed down by the multiplication operations, 
and bit reversal operations. This can be a good work-around if performance is not a 
concern. 

Robert Jenkins' 96 bit Mix Function


Robert Jenkins has developed a hash function based on a sequence of subtraction, 
exclusive-or, and bit shift. The following is the mixing part of the hash function. 


/* a, b and c are 32-bit unsigned values; c carries the key in and the hash out */
#define mix(a,b,c) \
{ \
  a=a-b;  a=a-c;  a=a^(c>>13); \
  b=b-c;  b=b-a;  b=b^(a<<8);  \
  c=c-a;  c=c-b;  c=c^(b>>13); \
  a=a-b;  a=a-c;  a=a^(c>>12); \
  b=b-c;  b=b-a;  b=b^(a<<16); \
  c=c-a;  c=c-b;  c=c^(b>>5);  \
  a=a-b;  a=a-c;  a=a^(c>>3);  \
  b=b-c;  b=b-a;  b=b^(a<<10); \
  c=c-a;  c=c-b;  c=c^(b>>15); \
}


Variable 'c' contains the input key. When the mixing is complete, variable 'c' also contains 
the hash result. Variable 'a', and 'b' contain initialized random bits. Notice the total number 
of internal state is 96 bits, much larger than the final output of 32 bits. Also notice the 
sequence of subtractions rolls through variable ‘a’ to variable 'c' three times. Each row will 
act on one variable, mixing in information from the other two variables, followed by a shift 
operation. 


Subtraction is similar to multiplication in that changes in upper bits of the key do not 
influence lower bits of the result. The 9 bit shift operations in Robert Jenkins' mixing 
algorithm shift the key to the right 61 bits in total, and to the left 34 bits in 
total. As the calculation is chained, each exclusive-or doubles the number of states. There 
are at least 2^9 different combined versions of the original key, shifted by various amounts. 
That is why a single bit change in the key can influence widely separated bits in the hash result. 


The uniform distribution of the hash function can be determined from the nature of the 
subtraction operation. Look at a single bit subtraction operation between a key and a 
random bit. If the random bit is 0, then the key remains unchanged. If the random bit is 1, 
then the key will be flipped. A carry will occur in the case where both the key bit and the 
random bit are 1. Subtracting the random bits will cause about half of the key bits to be 
flipped. So even if the key is not uniform, subtracting the random bits will result in uniform 
distribution. 


Robert Jenkins' 32 bit Mix Function 


In e-mail communication with Robert Jenkins, he mentioned that the following mix function 
may be more suitable for an integer hash function. 


unsigned int inthash(unsigned int key)
{
  key += (key << 12);
  key ^= (key >> 22);
  key += (key << 4);
  key ^= (key >> 9);
  key += (key << 10);
  key ^= (key >> 2);
  key += (key << 7);
  key ^= (key >> 12);
  return key;
}

By keeping the internal state the same size as the output state, the function is shorter than 
the 96 bit state version. This function served as a starting point for my research. The 
number of operations is a little high; also notice the problem of h(0) = 0 in this hash 
function. 


Thomas Wang's 32 bit Mix Function 


I have since searched for a faster version of the integer hash function. This is my latest 
version. 


int inthash(int key)
{
  key += ~(key << 15);
  key ^=  (key >>> 10);
  key +=  (key << 3);
  key ^=  (key >>> 6);
  key += ~(key << 11);
  key ^=  (key >>> 16);
  return key;
}


By taking advantage of native instructions such as 'add complement' and 'shift & add', 
the above hash function runs in 11 machine cycles on HP 9000 workstations. 


Having more rounds will strengthen the hash function by making the result more random 
looking, but performance will be slowed down accordingly. Simulation seems to prefer 
small shift amounts for inner rounds, and large shift amounts for outer rounds. 


Thomas Wang's 64 bit Mix Function 


long longhash1(long key)
{
  key += ~(key << 32);
  key ^=  (key >>> 22);
  key += ~(key << 13);
  key ^=  (key >>> 8);
  key +=  (key << 3);
  key ^=  (key >>> 15);
  key += ~(key << 27);
  key ^=  (key >>> 31);
  return key;
}


The longer width of 64 bits requires more mixing than the 32 bit version. 


Using Multiplication for Hashing 


As previously mentioned, using multiplication requires a mechanism to transport changes 
from high bit positions to low bit positions. Bit reversal is best, but is slow to implement. The 
alternatives are left shifts, and Substitution box lookup. 


This example hash function uses multiplication with odd constants, and left shifts. For more 
strength, one can simply add more rounds of multiplication, alternating between c1 and c2. 


long longhash2(long key)
{
  long c1 = 0x6e5ea73858134343L;
  long c2 = 0xb34e8f99a2ec9ef5L;
  key ^= ((c1 ^ key) >>> 32);
  key *= c1;
  key ^= ((c2 ^ key) >>> 31);
  key *= c2;
  key ^= ((c1 ^ key) >>> 32);
  return key;
}


A substitution box is useful, because its output can impact all bit positions. We take the 
high bit position of the multiplication as input, and exclusive-or the value of the substitution 
box with the value of the multiplication result. Care must be taken to keep the 
operation reversible, by making sure the high bit is untouched. 


int samplehash(int key)
{
  int c1 = 0xd2d84a61;
  int c2 = 0x7832c9f4;
  key *= c1;
  key ^= (key < 0) ? c2 : (0x7fffffff ^ c2); // 1 -> 32 S-box
  return key;
}


Parallel Operations 


If a CPU can dispatch multiple instructions in the same clock cycle, one can consider 
adding more parallelism in the formula. 


For example, for the following formula, the two shift operations can be performed in 
parallel. 


key ^= (key << 17) | (key >>> 16); 


For 32 bit word operations, only certain pairs of shift amounts will be reversible. The valid 
pairs include: (17,16) (16,17) (14,19) (19,14) (13,20) (20,13) (10,23) (23,10) (8,25) (25,8) 
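
One way to check the reversibility claim for these shift pairs, as an added example that is not part of the original article. It assumes a + b >= 32, so the two shifted copies never overlap and the step is linear over GF(2); the step is then reversible exactly when its 32 x 32 bit matrix has full rank. All function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

/* One parallel-shift step from the text: key ^= (key << a) | (key >>> b).
   The key is unsigned here, so >> is a logical shift like Java's >>>. */
static uint32_t shift_pair(uint32_t key, int a, int b)
{
    return key ^ ((key << a) | (key >> b));
}

/* Rank over GF(2) of the 32 x 32 bit matrix whose columns are the images of
   the 32 single-bit keys. Returns -1 when a shift amount is out of range or
   when a + b < 32 (the shifted copies overlap and the step is not linear). */
int shift_pair_rank(int a, int b)
{
    uint32_t basis[32] = {0};   /* basis[k]: stored vector whose top bit is k */
    int rank = 0;

    if (a < 1 || a > 31 || b < 1 || b > 31 || a + b < 32)
        return -1;
    for (int i = 0; i < 32; i++) {
        uint32_t v = shift_pair(UINT32_C(1) << i, a, b);
        for (int k = 31; k >= 0 && v != 0; k--) {
            if (!(v >> k & 1))
                continue;
            if (basis[k] != 0) {
                v ^= basis[k];          /* cancel bit k, keep reducing */
            } else {
                basis[k] = v;           /* new independent column */
                rank++;
                v = 0;
            }
        }
    }
    return rank;
}

/* Full rank means every output has exactly one input: the step is reversible. */
int shift_pair_reversible(int a, int b)
{
    return shift_pair_rank(a, b) == 32;
}

/* Count how many of the pairs listed in the text pass the rank check. */
int listed_pairs_reversible(void)
{
    static const int pairs[10][2] = {
        {17, 16}, {16, 17}, {14, 19}, {19, 14}, {13, 20},
        {20, 13}, {10, 23}, {23, 10}, {8, 25},  {25, 8}
    };
    int ok = 0;

    for (int i = 0; i < 10; i++)
        ok += shift_pair_reversible(pairs[i][0], pairs[i][1]);
    return ok;
}

int main(void)
{
    printf("listed pairs that are reversible: %d of 10\n",
           listed_pairs_reversible());
    printf("(15,18) rank %d, (16,16) rank %d\n",
           shift_pair_rank(15, 18), shift_pair_rank(16, 16));
    return 0;
}
```

A pair that loses rank, such as (15,18) or (16,16), maps at least two different keys to the same value, so it cannot be used where the mix must stay a one-to-one function.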


Multiplication can be computed in parallel. Any multiplication with an odd number is reversible. 


key += (key << 4) + (key << 9); // key = key * 529 


Test Program 


This is a test program testing the choices of the shift amounts with regard to the resulting 
avalanche property. The program detects if a certain bit position has both changes and no 
changes, based on a single bit flip. 


Power of 2 Hash Table Size 


Programmers use a hash table size that is a power of 2 because address calculation can be 
performed very quickly. The integer hash function can be used to post-condition the output 
of a marginal quality hash function before the final address calculation is done. 


addr = inthash(marginal_hash_value) & (tablesize - 1); 


Using the inlined version of the integer hash function may end up faster than doing a 
remaindering operation with a prime number! An integer remainder operation may take up 
to 18 cycles or longer to complete, depending on machine architecture. 
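
An added example, not the author's test program, of the avalanche check described under Test Program and of the post-conditioning formula above. It assumes C with unsigned 32 bit keys in place of Java's >>>, a constructed xorshift key stream, and the multiplier 2654435761 as a stand-in for a single-multiplication hash; all function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t (*hash_fn)(uint32_t);

/* Thomas Wang's 32 bit mix function from the text. Java's >>> is written
   as >> on an unsigned type, which is also a logical shift. */
static uint32_t wang32(uint32_t key)
{
    key += ~(key << 15);
    key ^=  (key >> 10);
    key +=  (key << 3);
    key ^=  (key >> 6);
    key += ~(key << 11);
    key ^=  (key >> 16);
    return key;
}

/* Multiplication by one odd constant (assumed value, not from the page). */
static uint32_t mult32(uint32_t key) { return key * UINT32_C(2654435761); }

/* A marginal hash: returns the key unchanged. */
static uint32_t identity32(uint32_t key) { return key; }

/* xorshift32 generator, so the constructed sample keys are reproducible. */
static uint32_t next_key(uint32_t *state)
{
    uint32_t x = *state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return *state = x;
}

/* Flip each input bit of many sample keys. Count the (input bit, output bit)
   pairs, out of 32 * 32 = 1024, where the output bit was seen both to change
   and to stay the same. */
int avalanche_pairs(hash_fn h, int samples)
{
    uint32_t changed[32] = {0}, stayed[32] = {0};
    uint32_t state = UINT32_C(0x12345678);
    int good = 0;

    for (int n = 0; n < samples; n++) {
        uint32_t key = next_key(&state);
        uint32_t base = h(key);
        for (int i = 0; i < 32; i++) {
            uint32_t diff = base ^ h(key ^ (UINT32_C(1) << i));
            changed[i] |= diff;
            stayed[i]  |= ~diff;
        }
    }
    for (int i = 0; i < 32; i++)
        for (int j = 0; j < 32; j++)
            good += (int)((changed[i] & stayed[i]) >> j & 1);
    return good;
}

/* Hash the keys 0, step, 2*step, ... into a power of 2 table using
   addr = post(marginal(key)) & (tablesize - 1); return the buckets used. */
int buckets_used(hash_fn marginal, hash_fn post, uint32_t step,
                 int nkeys, uint32_t tablesize)
{
    unsigned char used[1024] = {0};
    int count = 0;

    if (tablesize == 0 || tablesize > 1024 || (tablesize & (tablesize - 1)))
        return -1;                      /* not a supported power of 2 */
    for (int n = 0; n < nkeys; n++) {
        uint32_t addr = post(marginal((uint32_t)n * step)) & (tablesize - 1);
        if (!used[addr]) {
            used[addr] = 1;
            count++;
        }
    }
    return count;
}

int main(void)
{
    printf("pairs with avalanche: identity %d, multiply %d, wang32 %d\n",
           avalanche_pairs(identity32, 4096), avalanche_pairs(mult32, 4096),
           avalanche_pairs(wang32, 4096));
    printf("buckets used of 256: marginal only %d, post-conditioned %d\n",
           buckets_used(identity32, identity32, 256, 4096, 256),
           buckets_used(identity32, wang32, 256, 4096, 256));
    return 0;
}
```

A single multiplication can pass at most 496 of the 1024 pairs, because flipping input bit i never changes an output bit below i and always changes output bit i.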


Conclusions 


In this article, we have examined a number of hash function construction algorithms. 
Knuth's multiplicative method is the simplest, but has some known defects. Robert Jenkins’ 
96 bit mix function can be used as an integer hash function, but is more suitable for 
hashing long keys. A dedicated hash function is well suited for hashing an integer number. 


We have also presented an application of the integer hash function to improve the quality 
of a hash value. 


Transition Statement — 


To link the flow of charts 


Availability 


Availability: Capability of being used or gotten. Security concern is unavailability due to 
malicious actions or by misplacing units using the same wavelengths. 


Denial of Service by jamming the radio domain with a powerful emitter or an emitter 
with a directional antenna 








Figure 1-14. Availability WL191.0 


Notes: 


Availability: Capability of being used or gotten. Security concern is unavailability due to 
malicious actions or by misplacing units using the same wavelengths. 


Instructor Notes: 
Purpose — 

Definition of availability 
Details — 


In addition to the concept of availability, this slide introduces the "Denial of service", that 
consists of reducing the availability of a network. 


Any network can be attacked using denial of service, by sending multiple files, big files, 
wrong packets, etc. 


A WLAN can be attacked by jamming the radio receivers with a strong radio emission, 
possibly obtained from a small emitter by using a directional antenna. 


Additional Information — 
Transition Statement — 


The next slide shows how to preserve availability by properly mapping the usage of 
channels. 


Availability 





802.11b defines 14 channels in the 2.4 GHz ISM band, using DSSS. 
Not all of those channels are available worldwide. 


[Figure: channel numbers plotted against a frequency axis marked 2400, 2412, 2417, 2422, 2427, 2432, 2437, 2442, 2447, 2452, 2457, 2462, 2467, 2472, 2483.5, 2484 and 2495] 


Non-overlapping channels can be installed in the same area and be usable 
simultaneously. Same channels must not be used in the same area. Overlapping 
channels have some interferences, but can co-exist anyway. This picture helps to 
determine the location of Access Points in a building for a good availability with 
minimum interferences. 








Figure 1-15. Availability WL191.0 
Notes: 

This slide shows the frequency distribution of the 2.4 GHz ISM band into channels. 


Instructor Notes: 
Purpose — 

Definition of availability 
Details — 


Access points can be configured to use one of the indicated channels. Restrictions exist in 
various countries, preventing the usage of some channels. 


When designing a WLAN layout, it is necessary to carefully position the access points to 
avoid interference that could cause unavailability. It is a challenge to cover a complete area 
without holes and without interference. 


Additional Information — 
Designing a WLAN is not the objective of the present course. 
Transition Statement — 


A bad layout design causes unavailability, which is a form of Denial of Service. The next slide 
indicates other known causes. 


Availability 


Denial of Service vulnerabilities on Wireless Networking 


Unspecified Network Traffic 
Multiple authentication requests 
Recursive JavaScript events 
Improper JavaScript's 

Internet frames refresh 

Send de-authentication packets 
Send authentication error packets 
Simulation of an Access Point 
Send gigantic files 

Proxying / Hijacking (handling traffic between two machines) 
Man-in-the-middle attack 
Impersonation 





Figure 1-16. Availability WL191.0 


Notes: 


Denial of Service vulnerabilities on Wireless Networking 


Instructor Notes: 
Purpose — 

Definition of availability 
Details — 


This slide lists the known causes of Denial of Service that cause unavailability of a 
wireless network. 


Additional Information — 
This list is not specific to wireless networks. Wired networks are also affected. 
Transition Statement — 


The next topic covers a different concept: encryption. 


Encryption 


Encryption: Computer science to scramble data to prevent 
unauthorized access. 


Symmetrical encryption: 802.11 WEP 


[Figure label: Same key] 


Asymmetrical encryption: Public Key Infrastructure 


[Figure labels: Private key, data] 














Figure 1-17. Encryption WL191.0 


Notes: 


Encryption: Computer science to scramble data to prevent unauthorized access. 


Instructor Notes: 
Purpose — 

Definition of encryption 
Details — 


The purpose of encryption is to maintain confidentiality when data are moving, and in 
particular when they use a public domain. 


There are several types of encryption, more or less secure, using more or less computing 
power and time. 


For instance, the encryption of a high speed network must be fast and cheap, this is why 
WEP has been chosen to encrypt the 802.11 wireless LAN. 


Additional Information — 
The weakness of WEP is not the topic of this slide. 
Transition Statement — 


After encryption, Integrity. 


Integrity 








Integrity: From Latin integer (whole), data integrity indicates 
that information does not suffer any kind of alteration. 


Protection from lost or damaged data due to malicious actions. 


* Use efficient encryption techniques to secure data transmitted over shared domains. 
* Protect network accesses to avoid Man-in-the-middle attacks and impersonation. 


* Detect and prevent proxying / hijacking. 








Figure 1-18. Integrity WL191.0 


Notes: 


Integrity: From Latin integer (whole), data integrity indicates that an information does not 
suffer any kind of alteration. 


Instructor Notes: 
Purpose — 
Definition of integrity. 
Details — 


Data integrity has always been a concern in computing, originally for technical reasons to 
avoid loss of bits or extra bits. Checking techniques have been developed to detect errors, 
and even correct data during transmission. 


Security is concerned by the integrity of data for other reasons. Data must be protected 
from malicious actions intended to modify their contents. 


Additional Information — 
Transition Statement — 


Now let's talk about parasites. 


Virus 





Virus: Any of various submicroscopic, often pathogenic parasites that 
consist essentially of a core of RNA or DNA surrounded by a protein 
coat. A computer virus is an illegal program installed by a 
malicious action, containing actions intended to create disasters. 





Legal program Infested program Virus 





Normal flow Disturbed flow 





Figure 1-19. Virus WL191.0 


Notes: 


A computer virus is an illegal program installed by a malicious action, containing actions 
intended to create disasters. 


Instructor Notes: 
Purpose — 
Definition of virus. 
Details — 


A virus is a parasite that causes illness. 


A computer program is sane when it contains valid functions only. 


Modifying a program to add or modify an existing function installs a virus. Then the 
program is infested. 


A virus is actually a program able to use the computing power to cause any consequence. 
Some are real disasters. 


Additional Information — 
Transition Statement — 


Here is an example of a virus received by E-mail. 


Virus example 





From: lvprocom <lvprocom@aol.com> 
30/01/2003 02:07 


To: [Your email address] 


Subject: A WinXP patch [“Your company's antivirus detection system has 
identified a virus in an attachment to this e-mail. The attachment has been 
deleted and replaced with a dummy file. No further reporting or action is 
required on your part. THIS E-MAIL IS NOW SAFE TO OPEN. 


Visit “Your.company.URL/virus for more information."] 


ccrpnews.pif 
This is a WinXP patch 


I hope you enjoy it. 








Figure 1-20. Virus example WL191.0 


Notes: 


This E-mail has really been sent on the IBM mail system. 


Instructor Notes: 
Purpose — 
Definition of virus. 
Details — 


Fortunately, IBM protects its E-mail system by inspecting attachments. This example shows 
that this detection system efficiently identified a virus and made it inactive before the 
user received it. 


A detection system cannot be efficient the first day of the appearance of a new virus. 


Additional Information — 
Visit w3.iobm.com/virus for more information. 
Transition Statement — 


How to avoid viruses? 


Virus avoidance 





Viruses have many ways to spread themselves to other computers: 

* Email attachments (executables) 
* Unprotected network shares (not password protected) 
* etc. 


Weaknesses of personal computers: 

* Unprotected email system 
* Executing infected files 
* Receiving infection from friend infected systems 
* Administrative shares (ADMIN$, C$, and IPC$) with trivial password. 
* Excessive usage of file sharing (even not protected) 


Recommendations: 

* Disable file and print sharing 
* Use a personal firewall, such as Symantec Desktop Firewall 
* Protect Administrator, Guest and Owner accounts with good passwords (ITCS300) 
* Use the latest anti-virus available. 





Figure 1-21. Virus avoidance WL191.0 


Notes: 


Recommendations to follow. 


Instructor Notes: 

Purpose — 

Definition of virus. 

Details — 

No comment. 

Additional Information — 

Visit w3.iobm.com/virus for more information. 
Transition Statement — 


Another parasite! 


Worm 

Worm: Any of various invertebrates, such as an earthworm or 
tapeworm, having a long, flexible, rounded or flattened body. A 
computer worm is a piece of program appended to a legal 
program, producing undesirable results. 

Worm 
Legal program Infested program 





Normal flow Disturbed flow 





Figure 1-22. Worm WL191.0 


Notes: 


A computer worm is a part of program appended to a legal program, producing undesirable 
effects. 


Instructor Notes: 
Purpose — 
Definition of worm. 
Details — 


Instead of replacing a part of a program like a virus does, a worm is appended to a legal 
program, in such a way that the worm program is run on top of the legal program. 


The effects are similar to viruses, and the protections are the same. 


Additional Information — 
Visit w3.iobm.com/virus for more information. 
Transition Statement — 


Here is an example of a worm spread by E-mail. 


Worm example 



From: Your company_Security_department@main_location 

To: All company employees WW 

Subject: ACTION REQUIRED - BAT_SPYBOT.A (aka BAT.MUMU.A.WORM) 
Vulnerability: BAT_SPYBOT.A (aka BAT.MUMU.A.WORM) 

Systems affected: Windows 2000, Windows XP and Windows NT4. 


Problem defined: The BAT_SPYBOT.A worm performs a brute-force password guessing attack by which it 
attempts to gain access to administrator privileges on workstations running Windows 2000, Windows XP and 
Windows NT4 and spread itself throughout the network. The worm significantly slows network connectivity. 


The most vulnerable systems are those on which trivial or no passwords are in use. 
Take action! 


All employees should take the following actions immediately: 


Run LiveUpdate (http://your_company.com/Virus/liveupdate.html) - to acquire the latest virus definitions for your 
anti-virus application. 


Scan your workstation (http://your_company.com/virus/navscansteps.html) - after you have updated your virus 
definitions. 


Ensure your Windows password complies with the password security standard of your company. 
Your Windows password is what you use to log in to your PC. 

Verify that your password is compliant; if the password complies, no further action is necessary. 
If your password is not compliant, you must change it immediately. 


To change your password, hit CTRL+ALT+DELETE, select Change Password, and enter a new password 
complying with the password security standard. Click OK. 


Additional information is available at http://your_company.com/virus 





Figure 1-23. Worm example WL191.0 


Notes: 


This slide shows the action of the IBM antivirus team when they are informed of the 
presence of a worm. 





1-52 Wireless end to end security © Copyright IBM Corp. 2003 


Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 


Instructor Guide 





Instructor Notes: 
Purpose — 
Definition of worm. 
Details — 


The first action done by the antivirus team consists of building a detection function able to 
detect the new virus or worm, then install it in the antivirus program, then inform 
employees. 


The detection function is actually built by Symantec that maintains the antivirus program. 


Additional Information — 
Visit w3.iobm.com/virus for more information. 
Transition Statement — 


Are there still other parasites? 


Hoax 





Hoax: An act intended to deceive or trick. An attempt to make you 
execute an invalid action. 


Legal program You Legal program 







Normal flow Normal flow 





Figure 1-24. Hoax WL191.0 


Notes: 


Hoax: An act intended to deceive or trick. An attempt to make you execute an invalid 
action. 


Instructor Notes: 
Purpose — 
Definition of hoax. 
Details — 


A hoax is not a parasite. It is false information intended to frighten users and lead 
them to execute an invalid action, such as deleting a vital file from their operating system. 


The hoax does not perform any invalid action. YOU perform the action. 


Additional Information — 
The hoax does not physically exist. It is just bad, false information. 
Transition Statement — 


A new parasite? 


Exploit 





Exploit: A method using the known vulnerabilities of applications 
or operating systems to run specific programs like read / write 
on disk, or enter a network. 





Bugged program 









Normal entry 


Unexpected entry 


Vulnerability 


Normal 
functions 





Figure 1-25. Exploit WL191.0 


Notes: 


Exploit: A method using the known vulnerabilities of applications or operating systems to 
run specific programs like read / write on disk, or enter a network. 


Instructor Notes: 
Purpose — 

Definition of an exploit. 
Details — 


Nothing is perfect. Some programs have bugs. Exploits use program bugs to make them 
execute invalid actions. 


Additional Information — 


The following list of exploits has been found on the Internet. Actually the list is truncated. 
Refer to the web site for complete information. 


http://www.insecure.org/sploits_all.html 


Last modified: Thursday, 17-Aug-2000 17:43:49 PDT 


Exploit world! 

Master Index for ALL Exploits 

Compiled by Fyodor fyodor@insecure.org 
on Thu Jan 13 21:41:31 UTC 2000 




3com/USR Total Control Chassis termserver problem 


Description: The IP filtering on these servers doesn't appear to work for dialin connections. 
Thus a user can dialin, get a "host:" prompt without authentication, and then type in any 
hostname on the internet (or intranet) to connect to. System logs incorrectly say that the 
connection was denied. 


Author: Jason Downs <downsj@DOWNSJ.COM> 
Compromise: Unauthorized access to Internet/Intranet through the terminal server 


Vulnerable Systems: Those running the Total Control (tm) NETServer Card V.34/ISDN with 
Frame Relay V3.7.24, perhaps other versions. 


Date: 11 May 1998 


Exploit & full info: Available here 


Bay networks unpassworded "User" account 


Description: Unless the sysadmins change it (they should!), bay networks access 
node/wellfleet routers have a "User" account for ftp/Telnet access with no password. The 
Manager account also ships w/o a password, but that is more likely to be changed. 


Author: Marty Rigaletto <marty@SLACK.NET> 
Compromise: Read valuable configuration information, edit routing tables, etc. 


Vulnerable Systems: Networks using Bay Networks access node/wellfleet routers that 
haven't changed the default passwords. 


Date: 10 May 1998 


Notes: Many products come w/o passwords with the assumption that they will be changed. 
This isn't really Bay Networks’ fault, although perhaps the "User" account isn't documented 
well enough. 


Exploit & full info: Available here 


AIX rmail hole 

Description: IFS attack, apparently AIX may be using system() 
Author: Unknown 

Compromise: gid mail 

Vulnerable Systems: AIX 3.2, perhaps earlier 

Date: 10 May 1998 (it is actually much older) 

Notes: Thanks to the person who submitted this to me! 


Exploit & full info: Available here 


Motorola Cablerouter hole 


Description: Motorola CableRouters listen on port 1024 regardless of IP access restrictions 
for some reason. This hole in combination with the default login:cablecom pass:router can 
lead to easy unauthorized access 


Author: January <january@SPY.NET> 
Compromise: unauthorized administrator access 


Vulnerable Systems: Motorola CableRouters, especially those where the admin left the 
default passwords in place (always a horrible idea). 


Date: 10 May 1998 


Notes: Cablemodem users must connect from the Internet interface, not from the interface 
on their side of the router. Also Motorola wrote me to say this has been fixed. They claim 
that all customers have upgraded to newer software. 


Exploit & full info: Available here 


Overflow in Vixie crontab 
Description: standard overflow 
Author: Dave G. wrote the exploit 
Compromise: root (local) 


Vulnerable Systems: Some RedHat distributions, a German distribution DLD 5.2, etc. 
Anyone running vulnerable version of Vixie crontab. 


Date: 10 May 1998 (actually it is an older problem) 


Exploit & full info: Available here 


Overflows in Minicom 


Description: The terminal emulation modem program minicom has a number of blatant 
overflows. 


Author: Tiago F P Rodrigues <11108496@LIS.ULUSIADA.PT> 


Compromise: group uucp on some Linux distros (such as RedHat), but if installed from 
source with default makefile then it allows root access (local) 


Vulnerable Systems: Most Linux boxes ship with minicom. Version 1.81 and presumably 
earlier are vulnerable. 


Date: 9 May 1998 


Exploit & full info: Available here 


NCSA httpd buffer overflow 
Description: Standard overflow in client request string 
Author: Renos <renosm@YAHOO.COM> 


Compromise: You can probably run arbitrary commands on the web server machine, it is 
trivial to crash the server 


Vulnerable Systems: Those running NCSA's httpd v1.4 for Windows. Probably earlier 
versions too. 


Date: 8 May 1998 
Exploit & full info: Available here 


Poor BSDI squid permissions 


Description: on BSDI squid configuration files are owned by "www", which is the same UID 
that user CGI runs at. Thus a user could change start-squid to start a root shell, for 
example. 


Author: "Jonathan A. Zdziarski" <jonz@NETRAIL.NET> 
Compromise: user WWW privs -> root 

Vulnerable Systems: BSDI 3.1, perhaps other squid installs 
Date: 7 May 1998 


Exploit & full info: Available here 


dip 3.3.70 overflow 

Description: Standard overflow (in the -I option processing). 
Author: Goran Gajic <ggajic@AFRODITA.RCUB.BG.AC.YU> 
Compromise: root (local) 


Vulnerable Systems: Slackware Linux 3.4, presumably any other system using dip-3.3.70 
or earlier suid root. 


Date: 5 May 1998 


Notes: I've included a couple standard exploits and one that works against systems utilizing 
Solar Designer's excellent non-executable-stack patch. 


Exploit & full info: Available here 


Backdoor passwords in 3com switches, routers, smart hubs. 


Description: Numerous 3com products apparently have secret backdoors in case the 
administrator "forgets the password". Yeah, there is a good idea. BIOS vendors have the 
annoying habit of making passwords useless the same way, but at least there the attacker 
needs physical access. With 3com the attacker can Telnet over to your network from bis.bg 
in Sofiya, Bulgaria and reconfigure your routers! 


Author: Eric Monti <monti@MAIL.NETURAL.COM> and others 
Compromise: Intruders can reconfigure and basically take over your switches 


Vulnerable Systems: Many 3com products have various backdoors including: 
LanPlex/Corebuilder switches, 3Com LANplex 2500 , CellPlex 7000 


Date: 5 May 1998 


Notes: Another post I appended notes that admin passwords and SNMP keys are available 
via the "public" SNMP community by default. 


Exploit & full info: Available here 


Many holes in the Netmanager Chameleon tool suite 


Description: Mostly standard overflows, but there are lots of them. Virtually every product 
that comes in the suite seems exploitable. 


Author: arager@MCGRAW-HILL.COM 


Compromise: remote attackers can likely obtain root /administrator privileges on the 
machines running Chameleon daemons. The clients also have serious security holes. 


Vulnerable Systems: These holes are in the Windows versions, although I would be very 
careful about running something like their Unix Z-mail product. 


Date: 4 May 1998 
Exploit & full info: Available here 


Transition Statement — 
Two examples from the above list follow. 


Exploit example 1 





Motorola Cable router hole 


Description: Motorola Cable Routers listen on port 1024 regardless of IP access restrictions for 
some reason. This hole in combination with the default login: cablecom password: router can 
lead to easy unauthorized access 


Author: January <january@SPY.NET> 
Compromise: unauthorized administrator access 


Vulnerable Systems: Motorola Cable Routers, especially those where the admin left the default 
passwords in place (always a horrible idea). 


Date: 10 May 1998 


Notes: Cable modem users must connect from the Internet interface, not from the interface on 
their side of the router. Also Motorola wrote me to say this has been fixed. They claim that all 
customers have upgraded to newer software. 


Source: Internet. 





Figure 1-26. Exploit example 1 WL191.0 


Notes: 


An exploit using a Motorola product weakness. 










Instructor Notes: 
Purpose — 

Definition of an exploit. 
Details — 

No comment 

Additional Information — 


Transition Statement — 


Exploit example 2 





Vulnerability with -C in *IBM's* version of sendmail 





Description: Supposedly, /usr/lib/sendmail -C <anyfile> will display the file specified regardless 
of permissions. This is also true on versions of sendmail prior to 8.8.7 if they are installed 
setgid. They shouldn't be setgid, but an errant makefile sets them that way. 


Author: "DI. Dr. Klaus Kusche" <Klaus.Kusche@OOE.GV.AT> 
Compromise: Read files beyond your permission. 


Vulnerable Systems: the IBM sendmail on AIX 4.1.5 and sendmail prior to 8.8.7 which is 
installed setgid. 


Date: 6 August 1997 


Notes: A post from Troy Bollinger at IBM clarified that you have to be in the "system" group 
(gid 0) in order to use the -C trick. This limits the exploit potential A LOT! Also, a post by Eric 
Allman is appended to Dr. Kusche's post. 


Source: Internet. 





Figure 1-27. Exploit example 2 WL191.0 


Notes: 


An exploit using an IBM product weakness. 


Instructor Notes: 
Purpose — 

Definition of an exploit. 
Details — 

No comment 


Additional Information — 


Transition Statement — 


WLAN Security Glossary 


Ad-Hoc network: Self created network 

CCX: Cisco Client eXtension 

CCW: Cisco Compatible Wireless 

EAP: Extensive Authentication Protocol 

EAP-TTLS: EAP - Tunneled Transport Layer Security 
LEAP: Cisco Proprietary 802.1x extension 

MAC: Media Access Control 

PAN: Personal Area Network 

PDA: Personal Digital Assistant 

PWLAN: Public WLAN 

RADIUS: Remote Authentication Dial-In User Service 
Rogue AP: A pirate Access Point inserted in a WLAN 
SSID: Subsystem identification 

VPN: Virtual Private Network 

WAN: Wide Area Network 

WEP: Wired Equivalent Privacy 

Wi Fi: Wireless Fidelity 

WLAN: Wireless Local Area Network 

WPA: Wi Fi Protected Access. WPA 2.0 = 802.11i 





Figure 1-28. WLAN Security Glossary WL191.0 


Notes: 


Some terms currently used in the wireless network security world. 


Instructor Notes: 
Purpose — 

Glossary for your reference. 
Details — 

No comment 

Additional Information — 
Transition Statement — 


How about End to end security? 


End to end security 


Figure 1-29. End to end security WL191.0 


Notes: 


This slide depicts a typical network using private and public networks. 


Instructor Notes: 

Purpose — 

Definition of End to end security. 
Details — 


This slide points out what is the danger: attacks, virus, etc, and what is the risk: business 
consequences. 


This will be developed in the next units. 
Additional Information — 


Transition Statement — 
This is the last slide. Just look at the summary to remember the covered topics. 


Summary 

* Firewall: 
  - What is it? 
  - How do we manage it? 
* Hacker. 
* Authentication. 
* Privacy. 
* Trust. 
* Access control. 
* Confidentiality. 
* Accountability: 
  - What is it? 
  - Trusted transaction. 
* Availability: 
  - What is it? 
  - 802.11 channels. 
  - Denial of service. 
* Encryption. 
* Integrity. 
* Virus: 
  - What is it? 
  - Virus example. 
  - Virus avoidance. 
* Worm: 
  - What is it? 
  - Worm example. 
* Hoax. 
* Exploit: 
  - What is it? 
  - Exploit example 1. 
  - Exploit example 2. 
* WLAN security glossary. 
* End to end security. 

Figure 1-30. Summary WL191.0 
Notes: 


What this unit has covered. 
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Instructor Notes: 

Purpose — 

Unit summary. 

Details — 

This slide is a copy of the slide 3: Contents. 

Additional Information — 

Transition Statement — 

Stop! The traffic light is red. Take a break before going on to Unit 2. 
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Unit 2. The network objects related to security 


What This Unit Is About 


This unit describes all the objects that are involved in a security 
process within the enterprise. Here, the term "network" should be used 
in a very global way, like "any object that exchanges data with another 
object, with or without storing it, with or without a permanent 
connection, with or without being subject to an authority when trying 
to exchange data with another object". The main purpose of this unit is 
to explain the interactions between objects, which we could also call 
"the how". 


What You Should Be Able to Do 


After completing this unit, you should be able to: 


* Define precisely all the objects that are involved in security 
processes within the enterprise. 


* Explain how security is a distributed process implemented within 
all the objects. 
Welcome to: 


WL19 


Wireless End to End Security 


Unit 2: Network structure 


Figure 2-1. WL19 WL191.0 


Notes: 


WL419 unit 2 introduces the elements related to the security in a network. 


Wireless networking is mainly addressed through Wi-Fi and Bluetooth that use different 
concepts to achieve different usages. Those two complementary technologies are also 
complementary with others, for which the same security principles apply. 
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Instructor Notes: 

Purpose — 

Introduce the network structure. 

Details — 

This unit introduces the elements that contribute to the security in a wireless network. 
Additional Information — 

Transition Statement — 

Next slide lists the objectives of this unit. 
Objectives 


After completing this unit, you should be able to: 


* Define precisely all the objects involved in security 
processes within the enterprise. 


* Explain how the security is a distributed process 
implemented within all the objects. 


Figure 2-2. Objectives WL191.0 
Notes: 
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Instructor Notes: 
Purpose — 
Objectives. 

Details — 


After completing this unit, you should be able to: 


* Define precisely all the objects involved in security processes within the enterprise. 


* Explain how the security is a distributed process implemented within all the objects. 


Additional Information — 
Transition Statement — 
Next slide lists the contents of this unit. 
Contents 


* Corporate Security View 
* Network lines and cables 
* The Wireless Network transmitters-receivers 
* The Network Nodes 
* The Third Party Network Service Providers 
* The End-User’s equipments 
* User authentication methods 
* 802.11: Authentication modes 
* 802.11: WEP Encryption 
* 802.11: MAC frames / WEP 
* Weakness of WEP 
* Security in Wi Fi 
* Bluetooth authentication 
* Bluetooth encryption 
* Bluetooth: Radio range 
* Bluetooth: Public usages 
* Encryption: PKI 


Figure 2-3. Contents WL191.0 


Notes: 


This slide is a list corresponding to the next slides that cover the objectives of this unit. 
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Instructor Notes: 

Purpose — 

Contents 

Details — 

This is the table of contents of this unit. It is duplicated at the end as a summary. 


Additional Information — 


Transition Statement — 


Let's go to the first topic. 
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Corporate Security View 








Figure 2-4. Corporate Security View WL191.0 


Notes: 


A centralized network will focus on performance and operations first. This leads us to 
consider the associated security at the application level and in the network-related operations. 
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Instructor Notes: 

Purpose — 

The view of security at corporate level. 
Details — 


Operational management is concerned first with operations and performance. Do not 
forget security. When everything is running fast, a security flaw is precisely what is going to 
endanger the process. 


Security is also an objective of performance. 
Additional Information — 


Transition Statement — 


Next two slides show the typical usages and connections in a network. 
Network Lines and Cables 


User needs: e-mail, Internet access, data synchronization, data sharing and printing. 
Conditions: Without wires, independent of location and within the standards and 
security restrictions. 


[Figure: wireless and mobile connectivity examples. Product labels shown: 
TPP/WPP Wireless modems/Bluetooth cell phones; IBM SecureWay Firewall/VPN; 
SecureWay Wireless Gateway; IBM 802.11b Home Gateway; IBM Bluetooth; Wayport; 
MobileStar; IBM VPN; IBM 802.11b Access Points; 802.11b Access Servers; 
IBM Bluetooth options. Network labels shown: 802.11b AP; PSTN (POTS).] 


Figure 2-5. Network lines and cables WL191.0 


Notes: 


Networking is mainly spread into three domains: 


* PAN (Personal Area Networks) 
* LAN (Local Area Networks) 
* WAN (Wide Area Networks) 


This slide shows typical examples in a wireless and mobile context. 
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Instructor Notes: 

Purpose — 

Typical usages and connections of PAN, LAN and WAN. 
Details — 

Additional Information — 

Transition Statement — 


Continue next slide 
Network Lines and Cables 


[Figure label: Ad Hoc connectivity] 


Figure 2-6. Network lines and cables WL191.0 


Notes: 


This slide continues to show the typical usages and connectivity of the three networking 
domains, but here we focus on the existence of a private domain, its internal and external 
connections. 
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Instructor Notes: 

Purpose — 

Typical connections in and out of a private domain. 
Details — 


Keep in mind that we are discussing "security". Any network connection is a potential entry, 
or exit. 


Can we eavesdrop on a radio link? 
Can an outsider connect in a meeting room? 


Can an optical fibre be damaged? 


Additional Information — 
Transition Statement — 
What are the elements that make this connectivity? 





© Copyright IBM Corp. 2003 Unit 2. The network objects related to security 2-13 


Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 


Instructor Guide 





The Wireless Network Transmitters-receivers 
[Figure labels: 802.11b / Bluetooth bridge; Bluetooth; PDA + Wi Fi; + Wi Fi] 

Figure 2-7. The Wireless Network transmitters-receivers WL191.0 
Notes: 
Here are some products providing various types of connectivity. 
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Instructor Notes: 

Purpose — 

The devices that allow network connectivity. 
Details — 


Standalone products provide network connectivity by themselves; adapter cards give this 
connectivity to computers: laptops and PDAs. 


Most products have weaknesses in their design. When security is a concern, it is important 
to follow the questions and answers in Internet forums, so as to react immediately, before an 
intruder does, when a weakness is revealed. 


Additional Information — 


In addition to traditional network connectivity, this slide shows the "Ad-Hoc" connectivity 
which is new with Bluetooth, and is also a basis for WLAN roaming. 


Transition Statement — 


Connectivity is done by products that connect users, but there are also nodes in a network, 
where multiple ways are connected together. 
The Network Nodes 


[Figure: a Router and its Switch. Packets travel between the Source / destination entries 
on one side and the Destination / source entries on the other; the entries labelled on the 
right are Gr, Pu, Ye and Re.] 

Figure 2-8. The Network Nodes WL191.0 
Notes: 
Here we see a router and its main component: the switch. This is just an example of 
configuration. Many possibilities exist. 
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Instructor Notes: 

Purpose — 

The network node and its main component: the switch. 
Details — 


When a user's device is connected to a network, it is connected to a wire. Then this wire 
must connect to a lot of possible destinations. This is achieved by a router. 


Many routers are present in the worldwide network, allowing every user and every server in 
the world to be actually interconnected, except really private systems. The real isolation is 
brought by security isolation systems. 


A router is actually a box which is connected to several destinations, each of them can work 
in input mode or in output mode, just depending on the data traffic. 


The switch is the main component of a router. Its function consists of receiving a packet on 
one entry and resending it to the appropriate output. Any entry can input or output data. 


Additional Information — 


Functionality of a switch: 


The picture simulates a switch with eight entries. They can be users, servers, etc. Their 
names are abbreviated on the picture. They are "Square", "Triangle", "Star", "Circle", 
"Green", "Purple", "Yellow" and "Red". 


Although anyone can send a packet to anyone else on a real switch, on the picture only the 
four on the left are sending packets to the four on the right, just to simplify the explanation. 


Look at the user "Sq". This user is sending six packets: one to "Ye", pictured as a yellow 
square, two to "Re", pictured as two red squares, one again to "Ye", one again to "Re" and 
finally one to "Gr". The other users on the left are also sending packets to "Gr", "Pu", "Ye" 
and "Re". 


The switch receives a packet. How does it know to which user it must resend it? This is 
written in the packet itself. A switch implements a technology, for instance Ethernet. Every 
technology uses one or several protocols that define an encapsulation: a kind of envelope 
into which you insert the letter. The envelope is made of two parts: the header and the 
trailer. In the present topic we are not concerned with the trailer, which is mainly used for 
checking; we focus on the header. This part is placed at the front of the encapsulated 
packet and contains the destination address. By decoding this address in the header, the 
switch learns where to send the packet. 


Look at the result on the picture: All "Sq" packets are square, all "St" packets are stars, all 
"Pu" packets are purple, etc. 


Transition Statement — 


A network with a service provider. 
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The Third-party Network Service Providers 











Figure 2-9. The Third-Party Network Service Providers WL191.0 


Notes: 


Security concerns are complex when a network combines private domains, connected both 
through the public domain and a semi-public provider. 
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Instructor Notes: 

Purpose — 

Security with the presence of a network provider. 
Details — 


Security must be considered with threats from the public domain, the connections with it, 
the connections with the network provider, and the service provider itself, on top of the 
existing threats already known in the private domains. 


Additional Information — 


Transition Statement — 


How about end user equipments? 
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The End-user’s Equipments 
Figure 2-10. The End-User’s equipments WL191.0 


Notes: 


Here are some equipments that we can find on the market today, and the networking 
standards that they use. 
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Instructor Notes: 

Purpose — 

End user equipments and associated networking standards. 
Details — 


Personal computers are still in use, but mobile devices appear more and more on the 
market, while wireless networking progresses with the efficient LAN standards 802.11b and 
802.11a, the new WAN standard GPRS on top of GSM, and the rising PAN standard Bluetooth 
promoting Ad-Hoc connectivity. 


It is a challenge for computer manufacturers to offer the right connectivity with 
their products. Some standards are offered as PCMCIA cards, called PC cards. LAN and 
PAN are more and more integrated. 


Additional Information — 


Transition Statement — 
User Authentication Methods 


What you know 
  Examples: User ID, Password, PIN 
  Properties: Shared; Many passwords easy to guess; Forgotten 

What you have 
  Properties: Shared; Can be duplicated; Lost or stolen 

What you know and what you have 
  Examples: ATM card + PIN 
  Properties: Shared; PIN a weak link (Writing the PIN on the card) 

Something unique about the user (Something you are) 
  Examples: Fingerprint, Face, Iris, Voice print 
  Properties: Not possible to share; Repudiation unlikely; Forging difficult; 
  Cannot be lost or stolen 


Source: IBM SYSTEMS JOURNAL, VOL 40, NO 3, 2001 - © 2001 IBM 
“Enhancing security and privacy in biometrics-based authentication systems” 


Figure 2-11. User authentication methods WL191.0 


Notes: 


Unit 1 defined the Authentication. Here are the general ways to perform it. 
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Instructor Notes: 

Purpose — 

User authentication methods. 

Details — 

This table summarizes the known methods used for authenticating people. 


The strongest authentication is achieved by using biometric systems. The most used is 
fingerprint recognition, followed by face recognition, iris, voice. This offers new possibilities 
to control people's access to buildings, restricted areas and information systems. 


Additional Information — 
Transition Statement — 


How does the 802.11 standard authenticate users? 
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802.11: Authentication Modes 


Open System authentication. In an Open System, any station may become 
authenticated. This is the Default authentication mode. 


Shared Key authentication. Use of this authentication mechanism requires 
implementation of the wired equivalent privacy (WEP) option. In a Shared Key 
authentication system, identity is demonstrated by knowledge of a shared, 
secret, WEP encryption key. 





[Figure: message exchange with the Access Point. Labels shown: Authentication, 
Challenge (random number), Response, Authentication result.] 


Mutual authentication is required. Client identified by AP, and AP identified by client. 





Figure 2-12. 802.11: Authentication modes WL191.0 


Notes: 


By default, 802.11 performs an Open System authentication, where any station can be 
recognized. Fortunately this standard also uses a strong authentication method called 
Shared Key authentication, where a key must be recognized by both parties to achieve the 
connection process. 
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Instructor Notes: 
Purpose — 

802.11 authentication modes. 
Details — 


The 802.11 standard offers two ways to authenticate: one without protection (the door is 
open to anybody), the second using a key known only by both parties. 


During the authentication process, no key is exchanged, because an exchanged key could be 
captured with a sniffer. Instead, the process used is a "challenge-response" scheme, which 
consists of sending a random number (the challenge) and then comparing the results of its 
combination with the key. 


As no party is initially more reliable than the other one, the authentication must be mutual: 
each party must authenticate to the other. 


Additional Information — 
The IEEE 802.11 standard, the authentication chapter. 
Transition Statement — 


Are the data encrypted in a 802.11 information exchange? 
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802.11: WEP Encryption 





Symmetrical encryption: 802.11 WEP 


[Figure: WEP encryption and decryption. Labels shown: Plain Data, Seed, Key sequence, 
Encryption (XOR), Encrypted, Decryption (XOR).] 


WEP: The optional cryptographic confidentiality algorithm specified by IEEE 802.11 used to 
provide data confidentiality that is subjectively equivalent to the confidentiality of a wired 
local area network (LAN) medium that does not employ cryptographic techniques to 
enhance privacy. 





Source: IEEE 802.11 





Figure 2-13. 802.11: WEP Encryption WL191.0 


Notes: 


Considering the additional risk due to radio transmission compared to a wired network, 
the 802.11 standard has taken the objective to offer a data protection equivalent to a wired 
network (LAN) in which no data encryption is used. This is the reason for choosing WEP 
(Wired Equivalent Privacy). 
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Instructor Notes: 

Purpose — 

Data encryption in the 802.11 standard. 
Details — 


The encryption sequence starts with a set of data called the seed, made of an initialization 
vector (IV) concatenated to a key. This set is known by both parties. 


This seed is then expanded by a PRNG (Pseudo-Random Number Generator), 
which generates a continuous sequence of pseudo-random values, the same on both sides. 


The encryption / decryption is a symmetrical process: the same operation is used. 
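
The seed, key sequence and XOR described above, together with the Shared Key challenge-response from the previous slide, as an added Python sketch (not part of the course material). It assumes RC4 as the PRNG and a CRC-32 integrity value as in WEP; the key, IV and function names are constructed for illustration, and the last function shows the key-sequence exposure that the course's "Weakness of WEP" slide calls the authentication attack.

```python
import os
import struct
import zlib


def rc4(seed: bytes, n: int) -> bytes:
    """Return n bytes of RC4 key sequence for the given seed (WEP's PRNG)."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                         # key sequence generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """Integrity check value: CRC-32 of the plain data, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plain: bytes) -> bytes:
    """Frame body = IV (3 bytes, in clear) | key-ID byte | encrypted data + ICV."""
    if len(iv) != 3:
        raise ValueError("the WEP IV is 24 bits long")
    body = plain + icv(plain)
    return iv + b"\x00" + xor(body, rc4(iv + key, len(body)))   # seed = IV || key


def wep_decrypt(key: bytes, frame_body: bytes) -> bytes:
    """Same XOR as encryption; the receiver reads the IV from the frame."""
    if len(frame_body) < 8:
        raise ValueError("too short for IV, key ID and ICV")
    iv, cipher = frame_body[:3], frame_body[4:]
    body = xor(cipher, rc4(iv + key, len(cipher)))
    plain, received_icv = body[:-4], body[-4:]
    if icv(plain) != received_icv:
        raise ValueError("ICV mismatch: wrong key or corrupted frame")
    return plain


def shared_key_auth(ap_key: bytes, station_key: bytes, challenge=None, iv=None):
    """Shared Key exchange, reduced to its challenge and response.

    Simplification: the real response frame also encrypts a few fixed
    authentication fields next to the challenge text.
    Returns (authenticated, challenge, response).
    """
    challenge = challenge or os.urandom(128)   # AP -> station, sent in clear
    iv = iv or os.urandom(3)
    response = wep_encrypt(station_key, iv, challenge)   # station -> AP
    try:
        ok = wep_decrypt(ap_key, response) == challenge
    except ValueError:
        ok = False
    return ok, challenge, response


def key_sequence_seen_on_air(challenge: bytes, response: bytes) -> bytes:
    """Key sequence a listener obtains from the clear challenge and the response."""
    return xor(challenge, response[4:4 + len(challenge)])


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")          # constructed 40-bit key
    ok, ch, resp = shared_key_auth(key, key)
    exposed = key_sequence_seen_on_air(ch, resp) == rc4(resp[:3] + key, 128)
    print("authenticated:", ok, "| key sequence exposed:", exposed)
```

Because the key sequence depends only on the IV and the key, two frames sent with the same IV under the same key are encrypted with identical key sequences, which is why a static key with a 24-bit IV needs frequent changing.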


Additional Information — 


Transition Statement — 


Is WEP usage mandatory in 802.11 data exchange? 
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802.11: MAC Frames / WEP 


802.11 MAC frame format 


[Figure: 802.11 MAC frame format, showing field widths in bytes (including 0 - 2812 and 4) 
and the bit widths of the Frame Control subfields. Label shown: Encryption.] 


WEP = 1 if the Frame Body field contains information that has been processed by the 
WEP algorithm. 
WEP = Wired Equivalent Privacy. 


Source: IEEE 802.11 
Figure 2-14. 802.11: MAC frames / WEP WL191.0 
Notes: 
Using encryption is optional in 802.11. 
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Instructor Notes: 
Purpose — 

Use of encryption in 802.11. 
Details — 


When using the 802.11 standard, data are encapsulated. The frame body can be 0 to 2812 
bytes long; it is preceded by a header and ended with a trailer. This makes the MAC frame. 


The header contains several fields; the first one, two bytes long, is the Frame Control field. 
One of its 16 bits is the WEP indicator. It indicates whether the data have been processed 
by the WEP algorithm. 


This information will be useful for Risk management. 
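
One way to use the WEP indicator for risk management, as an added Python sketch (not part of the course material): decode the Frame Control field of captured MAC frames and report which data frames were sent without WEP. The subfield order follows the IEEE 802.11 Frame Control layout; the function names and the sample frames are constructed for illustration.

```python
FRAME_TYPES = ("management", "control", "data", "reserved")
FLAGS = ("to_ds", "from_ds", "more_frag", "retry",
         "pwr_mgt", "more_data", "wep", "order")


def parse_frame_control(frame: bytes) -> dict:
    """Decode the two-byte Frame Control field at the start of a MAC frame."""
    if len(frame) < 2:
        raise ValueError("frame shorter than the Frame Control field")
    first, second = frame[0], frame[1]         # low-order byte is sent first
    fc = {
        "version": first & 0x03,                     # 2 bits
        "type": FRAME_TYPES[(first >> 2) & 0x03],    # 2 bits
        "subtype": first >> 4,                       # 4 bits
    }
    for bit, name in enumerate(FLAGS):         # eight 1-bit flags
        fc[name] = bool((second >> bit) & 1)
    return fc


def carries_user_data(fc: dict) -> bool:
    """Data subtypes 0-3 have a frame body; 4-7 (Null function etc.) do not."""
    return fc["type"] == "data" and fc["subtype"] < 4


def audit_capture(frames) -> dict:
    """Summarize WEP usage over an iterable of raw MAC frames."""
    report = {"protected": 0, "clear": 0, "other": 0,
              "malformed": 0, "clear_indexes": []}
    for index, frame in enumerate(frames):
        try:
            fc = parse_frame_control(frame)
        except ValueError:
            report["malformed"] += 1           # truncated capture record
            continue
        if fc["version"] != 0 or not carries_user_data(fc):
            report["other"] += 1               # nothing for WEP to protect
        elif fc["wep"]:
            report["protected"] += 1
        else:
            report["clear"] += 1               # user data sent in clear
            report["clear_indexes"].append(index)
    return report


# Constructed sample: only the Frame Control bytes matter, the rest is padding.
PAD = bytes(22)
SAMPLE_FRAMES = [
    bytes.fromhex("0841") + PAD,   # data, to DS, WEP = 1
    bytes.fromhex("0801") + PAD,   # data, to DS, WEP = 0
    bytes.fromhex("8000") + PAD,   # management (beacon)
    bytes.fromhex("4801") + PAD,   # data, Null function: no frame body
    bytes.fromhex("0842") + PAD,   # data, from DS, WEP = 1
    b"\x08",                       # truncated record
]

if __name__ == "__main__":
    print(audit_capture(SAMPLE_FRAMES))
```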


Additional Information — 
802.11 encryption chapter. 
Transition Statement — 


Is the WEP encryption very secure? 
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Weakness of WEP 





WEP uses the RC4 stream ciphering algorithm, developed by Ron 
Rivest in 1987 and disclosed in September 1994. RC4 is 10 times 
faster than DES. 


Invariance weakness attack: 
Takes advantage of the use of weak keys, such as ASCII text or similar. Using weak keys 
considerably reduces the number of possible keys to try. 


Known IV attack: 

It is generally easy to determine the first word of a message, which is generally a constant like 
the date or the address of the sender. With this information, the determination of the key requires 
only 1000000 to 5000000 packets. 


Authentication attack: 
Capturing the Challenge-response authentication packets exchanged by a legitimate user 
provides enough information to initiate a valid authentication request. 


Reference: Weaknesses in the key scheduling algorithm of RC4 
S. Fluhrer, I. Mantin, A. Shamir, August 2000 





Figure 2-15. Weakness of WEP WL191.0 


Notes: 


A WEP weakness has been identified. Several possibilities exist, they look easy to 
implement and do not require extensive investment. 
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Instructor Notes: 
Purpose — 

The weaknesses of WEP. 
Details — 


An encryption process is considered secure as long as nobody has demonstrated the 
possibility of breaking its secret. 


In August 2000, S. Fluhrer, I. Mantin and A. Shamir published a paper explaining how to 
break the WEP encryption. 


Additional Information — 

FLUHRER, S., MANTIN, I., AND SHAMIR, A. Weaknesses in the key scheduling 
algorithm of RC4. Eighth Annual Workshop on Selected Areas in Cryptography 
(August 2001). 


Transition Statement — 


How can LAN communications be made secure despite a weakness in the encryption algorithm? 
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Security in Wi Fi 





Recommendations: 


Build secure standards: 
802.11 WEP weaknesses would have been avoided by taking advice from security experts. 


Use encryption to exchange management packets: 


Most network management packets are exchanged in clear. This allows hijacking and 
impersonation. Encryption techniques can generally be used to carry those frames. 


Preferably use WPA devices: 


Wi Fi Protected Access is an approach to temporarily solve the WEP weaknesses. It uses the 
protocol TKIP (Temporal Key Integrity Protocol) which imposes the change of the key when a 
packet greater than 10KB has been sent. 


Possibly design 802.11i solutions: 


IEEE is developing the standard 802.11i as a complement to 802.11, based on an 
802.1X/EAP (Extensible Authentication Protocol) architecture which will allow the distribution 
of encryption keys per user in each session. We find there: 

* LEAP (Lightweight EAP) from Cisco, a proprietary solution based on RADIUS and LDAP, 

* EAP-TLS (Transport Layer Security), an open standard adopted by most of the providers, based 
on EAP and using a PKI infrastructure at the RADIUS authentication server. 





Figure 2-16. Security in Wi-Fi WL191.0 


Notes: 


Solutions exist to get LAN transmissions secure. 










Instructor Notes: 

Purpose — 

How to get LAN transmissions secure? 
Details — 


The real solution would have been to build a secure standard from the beginning. The 
intent of the additional standard 802.11i is to offer an additional security to LAN products. 


Additional Information — 
The new 802.11i standard. 
Transition Statement — 


Do all the communication standards use the same authentication and encryption methods 
as the 802.11 standard? 
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Bluetooth Authentication 


Bluetooth defines two types of devices: Trusted and untrusted (or unknown). 


Bluetooth™ usage cases are defined in Profiles. 


A Profile defines a selection of messages and procedures (generally termed 
capabilities) from the Bluetooth SIG specifications and gives an unambiguous 
description of the air interface for specified service(s) and use case(s). 


Authentication is one of the procedures defined in the Profile. It is part of the product 
implementation. It is guaranteed by the Qualification Program. 


A Bluetooth device must be qualified with at least one supported Profile. 
Two devices intended to work together are associated by Pairing. 


Two unknown devices may communicate, although they are not associated, but high 
level protection is achieved by using Pairing. 


Authentication of paired devices is done by challenge response. 





Figure 2-17. Bluetooth authentication WL191.0 


Notes: 


Basically from the Bluetooth Core specifications, Bluetooth communications can be 
optionally protected, but in a given usage, the protection is mandatory as specified in the 
corresponding profile. 
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Instructor Notes: 

Purpose — 

How the authentication is done in the Bluetooth standard. 
Details — 


Although many comparisons have been done between Bluetooth and the 802.11b 
standard, those two communication technologies are conceptually different. 


The 802.11 standard addresses the LAN communications. It defines radio usage in the 2.4 
GHz frequency band, another radio usage in the 5 GHz band, and the communication with 
Infrared. 


The Bluetooth technology is not a standard, but a proprietary implementation. It is not a 
LAN standard, but a PAN communication technology. Although PAN stands for Personal 
Area Networking, the network communication capability is only a small part of the 
Bluetooth usage cases. 


Usages of Bluetooth are defined in Profiles which precisely define all the details of each 
usage. Products must be qualified with their declared profiles, with a very strict process 
called "the qualification program". 


Two kinds of communications can be established in the Bluetooth technology: the devices 
can be "trusted" or "untrusted". Unknown devices are untrusted. It is possible to exchange 
data with an untrusted device, such as "Buy the best chewing gum!", but secure 
communications such as mail synchronization, printing, Ad-Hoc networking, etc, need the 
communication to be secure. 


Strong protection is achieved by pairing devices. 


Additional Information — 


Bluetooth specifications, including Profiles: http://www.bluetooth.com. Also have a look at 
the QPL (Bluetooth Qualified Product List) on the Bluetooth WEB site. 


Transition Statement — 


How do we pair devices and how do they proceed with authentication? 
Bluetooth Authentication 


[Figure: exchange between Verifier (A) and Claimant (B). Labels shown: Common Link key 
generation (Once), Authentication (Everytime).] 


Keys are never exchanged in clear on the radio link 


Figure 2-18. Bluetooth authentication WL191.0 


Notes: 


Strong protection is achieved by pairing devices. 
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Instructor Notes: 

Purpose — 

How the authentication is done in the Bluetooth technology. 
Details — 


Assume we already have a Bluetooth device (i.e. a laptop), and we have just bought a 
second device, which can work in complement with the first one (we have checked that 
they both implement the intended profile in complementary roles before purchasing the 
second device). 


A first communication is done between the two devices, using the init key and the unit key. 
A PIN code is also manually entered at this time. This allows the generation of the common 
combinational key that the two devices create separately, without exchanging them on the 
radio waves. This operation is done once at the time of the pairing. 


Then at every usage, a strong authentication is performed by challenge-response. As of 
today, this authentication scheme has never been broken. 


Additional Information — 


Bluetooth Core specification: Baseband and LMP chapters. 


Transition Statement — 


How about the Bluetooth encryption? 
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Bluetooth Encryption 


Symmetrical encryption: Stream ciphering for Bluetooth with E0 


[Figure: E0 stream cipher. Labels shown: Address, E0 Step 1, E0 Step 2, E0 Step 3, XOR, 
Plain text / Cipher text, Cipher text / Plain text.] 


Figure 2-19. Bluetooth encryption WL191.0 


Notes: 


The Bluetooth encryption uses a different algorithm than the 802.11 standard. 
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Instructor Notes: 

Purpose — 

How the encryption is done in the Bluetooth technology. 
Details — 


Bluetooth does not use WEP as the 802.11 standard does. The reason is that the objective 
is different. While the 802.11 LAN had the objective to provide a protection just equivalent 
to a wired non-encrypted network, Bluetooth is intended to work in the wireless world and 
needs real security in the data transfer. 


This is why the E0 algorithm has been used, with the implementation of a key generator that 
changes the key automatically. No maintenance is then required to change the encryption 
key: using Bluetooth in a secured profile does not bother the user with key maintenance. 
As a reminder, one weakness of WEP in the 802.11 standard is precisely the need 
to change the key very frequently. 


So far, the Bluetooth encryption scheme has never been broken. The Bluetooth weakness 
is the pairing operation itself, which has just the strength of the PIN, provided that the full 
process is captured with a sniffer. The recommendation to avoid the impersonation threat is 
to perform the pairing in a secure place. Pairing only occurs once, when the devices are 
associated for the first time. 


Additional Information — 
Bluetooth Core specification, Baseband and LMP chapters. 
Transition Statement — 


Is the Bluetooth radio range an additional security feature? 
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Bluetooth: Radio Range 


Security is also provided by the limited range: Three emission levels are available in 
Bluetooth: 20 dBm, 4 dBm and 0 dBm, respectively called Class 1, 2 and 3 devices. 


Power control: A power control is required for power class 1 
equipment. The power control is used for limiting the transmitted power 
over 0 dBm. Then a mixed combination of devices has an emission power 
equal to the power of the least powerful device. 


Range: Typically a Class 1 device has a range equivalent to a LAN 
device, about 100 meters, assuming that it is connected to another class 1 
device. Small devices, which are battery powered, are typically class 3 and 
have a 10 meter range. Laptops which integrate both Bluetooth and 
802.11b are also class 3 devices (on the Bluetooth implementation) to 
reduce interferences with the LAN and allow simultaneous functionality. 


Limited range improves security in wireless communications. 





Figure 2-20. Bluetooth: Radio range WL191.0 


Notes: 


As soon as the range is reduced, the security is improved, but let's first correct a common 
public mistake. 


People believe that the Bluetooth radio range is 10 meters. Actually, according to the 
Bluetooth specification, the range can be as long as a 802.11 radio communication, but 
Bluetooth works in specific conditions which change the game. 
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Instructor Notes: 

Purpose — 

Bluetooth security brought by the radio range. 
Details — 


While the Bluetooth specification allows an emission level up to 100 milliwatts, as much as 
the 802.11 standard, actually it defines three power levels. 


The greatest levels use a mandatory power control feature that automatically reduces the 
power level to the required level. 


Basically, because of the need to preserve battery autonomy, the small portable Bluetooth 
devices work at the low power level. Laptops could afford to use the maximum level, but 
the need to be able to work simultaneously with the 802.11 LAN leads computer 
manufacturers to choose the minimum level for Bluetooth to avoid the 802.11b from being 
disturbed by the interferences. 


Finally, in most cases, the Bluetooth range is much lower than the 802.11 range. This gives 
Bluetooth a greater protection against eavesdropping and its resulting threats. 


Additional Information — 


Remember that the range of a radio communication is not an absolute value: it is the 
result of a certain attenuation and is also related to the Bit Error Rate. 


A hacker with a good antenna and a tolerant program can probably capture a data 
communication hundreds of meters away. 


Using reduced power is certainly not going to help hackers! 
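To put numbers on the point that range follows from attenuation and from the error rate a receiver tolerates, the added example below (not part of the course material) computes a simple link budget. The free-space model, the 10 dB fade margin, the class 2 and class 3 power figures, and the receiver sensitivities and antenna gain are assumptions of this example.

```python
import math

FREQ_HZ = 2.441e9        # middle of the 2.4 GHz ISM band (assumption)
C = 299_792_458.0        # speed of light in m/s

# Maximum transmit power per Bluetooth power class, in milliwatts. 100 mW is
# the figure given in the text; 2.5 mW and 1 mW are supplied by this example.
CLASS_TX_MW = {1: 100.0, 2: 2.5, 3: 1.0}

# Constructed receiver profiles (assumptions, not measurements).
RECEIVERS = {
    "ordinary peer": {"sensitivity_dbm": -70.0, "rx_gain_dbi": 0.0},
    "sensitive receiver, directional antenna": {"sensitivity_dbm": -85.0,
                                                "rx_gain_dbi": 14.0},
}


def mw_to_dbm(milliwatts: float) -> float:
    return 10.0 * math.log10(milliwatts)


def path_loss_db(distance_m: float, exponent: float = 2.0) -> float:
    """Log-distance path loss; exponent 2.0 is free space (line of sight)."""
    loss_at_1m = 20.0 * math.log10(4.0 * math.pi * FREQ_HZ / C)
    return loss_at_1m + 10.0 * exponent * math.log10(distance_m)


def received_dbm(tx_dbm: float, distance_m: float,
                 rx_gain_dbi: float = 0.0, exponent: float = 2.0) -> float:
    """Signal level at the receiver input for a given distance."""
    return tx_dbm + rx_gain_dbi - path_loss_db(distance_m, exponent)


def max_range_m(tx_dbm: float, sensitivity_dbm: float, rx_gain_dbi: float = 0.0,
                fade_margin_db: float = 10.0, exponent: float = 2.0) -> float:
    """Distance at which the received level falls to the receiver threshold.

    sensitivity_dbm is the weakest signal the receiver still decodes at the
    bit error rate it accepts: tolerating more errors lowers the threshold.
    """
    budget = tx_dbm + rx_gain_dbi - fade_margin_db - sensitivity_dbm
    return 10.0 ** ((budget - path_loss_db(1.0, exponent)) / (10.0 * exponent))


def exposure_table():
    """(power class, receiver profile, range in meters) for every combination."""
    rows = []
    for power_class, milliwatts in sorted(CLASS_TX_MW.items()):
        for name, rx in RECEIVERS.items():
            metres = max_range_m(mw_to_dbm(milliwatts), **rx)
            rows.append((power_class, name, round(metres, 1)))
    return rows


if __name__ == "__main__":
    for power_class, name, metres in exposure_table():
        print(f"class {power_class}  {name:40s} {metres:8.1f} m")
```

Under these assumptions a class 3 transmitter reaches an ordinary peer at roughly 10 m, yet stays decodable much farther away by a more sensitive receiver, so low power reduces exposure without replacing authentication and encryption.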


Transition Statement — 


Is data transmission always a security concern? 

Bluetooth: Public Usages 

Ad hoc connectivity does not always require security, but it always 
requires awareness. 





Figure 2-21. Bluetooth: Public usages WL191.0 


Notes: 


The previous slides have shown the usage of LAN and PAN technologies to securely 
transport data. 

Instructor Notes: 

Purpose — 

Can we forget security with public applications? 
Details — 


A LAN technology such as 802.11 has only one application and does not offer any other 
service, so there is no point in considering any other possibility. 


A PAN technology such as Bluetooth offers many applications, as many as your 
imagination can create, so it is possible to exchange data, in some public usages, without 
any security. But not securing the data does not mean working without security. 


Your laptop, your PDA, your mobile phone must not be exposed by using a non-secure 
data transmission. 


Additional Information — 


Transition Statement — 


Is there such a thing as personalized data encryption? 

Encryption: PKI 


Asymmetrical encryption: Public Key Infrastructure 

Figure 2-22. Encryption: PKI WL191.0 


Notes: 


PKI is a way to personalize encryption. 

Instructor Notes: 

Purpose — 

Strong encryption scheme, using complementary keys. 
Details — 


PKI is an encryption process based on two complementary keys. One, called the private key, 
must be carefully protected by its owner because it is considered proof of an action by 
its owner. 


The other one, called the public key, has no real need to be secured because it is publicly 
distributed. 


Basically, everything encrypted with the public key is decrypted with the private key, and 
vice versa. 


When you encrypt data with your private key, many people can read them, but you 
prove that you are the author. You also protect the integrity of a document if you encrypt it with 
your private key. 


When somebody encrypts some data with your public key, only you can decrypt the 
data because you are the only person who has the private key. This allows data to be sent 
personally to somebody through a public channel. 


Finally, PKI has legal value when the two keys are produced by a certification body that 
also issues an associated certificate. This official institution can certify that somebody has 
a certain unique pair of keys, and can validate a transaction done and secured with PKI. 
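The two uses of a key pair described above, plus the certificate check, as an added example that is not part of the course material. It uses textbook RSA without padding and keys built from Mersenne primes so that it runs offline; the key values, the names and the certificate layout are constructed for illustration, and real systems use padded schemes from a vetted library.

```python
import hashlib

E = 65537  # public exponent shared by all demo keys


def make_keypair(p: int, q: int):
    """Return (public, private) built from two primes p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # E * d = 1 (mod phi(n))
    return (n, E), (n, d)


# Constructed demo keys. Mersenne primes keep the example short and offline;
# their special form makes them unsuitable for any real key.
ALICE_PUB, ALICE_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
CA_PUB, CA_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)
OTHER_PUB, OTHER_PRIV = make_keypair(2**2281 - 1, 2**3217 - 1)


def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def encrypt(public_key, message: bytes) -> int:
    """Public-key operation: only the private key holder can read the result."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign(private_key, document: bytes) -> int:
    """Private-key operation on the document hash: proves authorship."""
    n, d = private_key
    return pow(_digest(document), d, n)


def verify(public_key, document: bytes, signature: int) -> bool:
    """Anyone holding the public key can check authorship and integrity."""
    n, e = public_key
    return pow(signature, e, n) == _digest(document)


def _binding(subject: str, public_key) -> bytes:
    n, e = public_key
    return f"{subject}|{n:x}|{e:x}".encode()


def issue_certificate(ca_private, subject: str, public_key) -> dict:
    """The certification body signs the link between a name and a public key."""
    return {"subject": subject, "public_key": public_key,
            "ca_signature": sign(ca_private, _binding(subject, public_key))}


def verify_signed_document(ca_public, cert: dict, document: bytes,
                           signature: int) -> bool:
    """Accept only if the CA vouches for the key and the key verifies the document."""
    binding = _binding(cert["subject"], cert["public_key"])
    if not verify(ca_public, binding, cert["ca_signature"]):
        return False
    return verify(cert["public_key"], document, signature)


def demo() -> dict:
    secret = b"meeting moved to room 4"        # constructed sample data
    contract = b"I accept the offer. Alice"    # constructed sample data
    ciphertext = encrypt(ALICE_PUB, secret)
    signature = sign(ALICE_PRIV, contract)
    cert = issue_certificate(CA_PRIV, "alice", ALICE_PUB)
    # A certificate that claims to be Alice's but was not signed by the CA.
    forged = {"subject": "alice", "public_key": OTHER_PUB,
              "ca_signature": sign(OTHER_PRIV, _binding("alice", OTHER_PUB))}
    return {
        "owner_reads": decrypt(ALICE_PRIV, ciphertext) == secret,
        "other_key_reads": decrypt(OTHER_PRIV, ciphertext) == secret,
        "signature_ok": verify_signed_document(CA_PUB, cert, contract, signature),
        "tampered_ok": verify_signed_document(CA_PUB, cert, contract + b"!", signature),
        "forged_cert_ok": verify_signed_document(
            CA_PUB, forged, contract, sign(OTHER_PRIV, contract)),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check:16s} {outcome}")
```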


Additional Information — 
Transition Statement — 


This ends the unit. Just look at the summary to remember the topics. 





© Copyright IBM Corp. 2003 Unit 2. The network objects related to security 2-47 


Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 


Instructor Guide 





Summary 
* Network structure 
* Corporate Security View 
* Network lines and cables 
* The Wireless Network transmitters-receivers 
* The Network Nodes 
* The Third Party Network Service Providers 
* The End-User’s equipment 
* User authentication methods 
* 802.11: Authentication modes 
* 802.11: WEP Encryption 
* 802.11: MAC frames / WEP 
* Weakness of WEP 
* Security in Wi-Fi 
* Bluetooth authentication 
* Bluetooth encryption 
* Bluetooth: Radio range 
* Bluetooth: Public usages 
* Encryption: PKI 





Figure 2-23. Summary WL191.0 


Notes: 


What this unit has covered. 

Instructor Notes: 

Purpose — 

Unit summary. 

Details — 

This slide is a copy of slide 3: Contents. 

Additional Information — 

Transition Statement — 

Stop! The traffic light is red. Take a break before going on to Unit 3. 

Unit 3. The enterprise objects related to security 


What This Unit Is About 
The purpose of this unit is to explain why objects interfere with 
each other. 


Here, we will mainly focus on the semantic part of the objects, the 
meaning they carry, and why security should be considered each time 
the objects are processed. 


What You Should Be Able to Do 


After completing this unit, you should be able to: 


* Establish your enterprise criteria, which will be used to qualify the 
security measures to apply to the objects. 

Welcome to: 

WL19 

Wireless End to End Security 

Unit 3: The enterprise objects related to security 


Figure 3-1. WL19 WL191.0 


Notes: 


WL419 unit 3 introduces the objects of the enterprise that are related to security. 


This includes the equipment, the data and the processes. 

Instructor Notes: 

Purpose — 

Introduce the objects of the enterprise that are related to security. 
Details — 


WL419 unit 3 introduces the objects of the enterprise that are related to security. 


We look at how the systems have become portable and mobile. We will also consider the data 
related to the structure of the enterprise and the data related to the business, the access and the 
individuals, then how the objects interfere with each other, and we will show some tools that 
help secure the enterprise information system. 


Additional Information — 
Transition Statement — 


The next slide introduces the objectives of this unit. 

Objectives 


After completing this unit, you should be able to: 


* Establish your enterprise criteria, which will be used 
to qualify the security measures to apply to the 
objects 


Figure 3-2. Objectives WL191.0 
Notes: 

Instructor Notes: 
Purpose — 
Objectives. 

Details — 


After completing this unit, you should be able to: 


Establish your enterprise criteria that will be used to qualify the security measures to apply 
to the objects. 


Additional Information — 
Transition Statement — 
The next slide lists the contents of this unit. 

Contents 


* Enterprise systems evolution 
* Enterprise structure data 
* Enterprise business data 
* Access control data 
* Data related to individuals 
* Access control risk management 
* Access policy metrics 
* Information flow risk management 
* Flow policy metrics 
* Credential system risk management 
* Identity policy metrics 
* Risk management profile 
* Assessing security risks 
* IBM embedded Security Subsystem 
* Proximity lockout badge 
* Biometry technologies 
* Biometry categories 





Figure 3-3. Contents WL191.0 


Notes: 


This slide is a list corresponding to the next slides that cover the objectives of this unit. 

Instructor Notes: 

Purpose — 

Contents 

Details — 

This is the table of contents of this unit. It is repeated at the end as a summary. 
Additional Information — 

Transition Statement — 


Let's go to the first topic. 

Enterprise Systems Evolution 








Figure 3-4. Enterprise systems evolution WL191.0 


Notes: 


The traditional picture of enterprise systems has changed because of miniaturization 
and improvements. Now we have powerful computers (laptops, PDAs, etc.) which, in 
addition, are portable. 

Instructor Notes: 
Purpose — 
The evolution of enterprise systems calls for new protections. 


Details — 


The change in the topology of enterprise systems creates new security challenges that 
require appropriate responses. 


Additional Information — 
Transition Statement — 


How about the data? 

Enterprise Structure Data 




Figure 3-5. Enterprise structure data WL191.0 

















Notes: 


Here we look at the kind of data that represents the structure of the enterprise. 

Instructor Notes: 

Purpose — 

Data related to the structure of the enterprise. 
Details — 


The yellow shapes give some examples of data that in fact contain the enterprise structure, 
and the blue shapes show which kind of information is disclosed if those data are eavesdropped. 


Additional Information — 
Transition Statement — 


And now, let's have a look at business data. 

Enterprise Business Data 

Figure 3-6. Enterprise business data WL191.0 


Notes: 


Here we look at the kind of data that represents the business of the enterprise. 

Instructor Notes: 

Purpose — 

Data related to the business of the enterprise. 
Details — 


Here, the purple shapes give some examples of data that in fact contain the business 
references, and the orange shapes show which kind of information is disclosed if those data are 
eavesdropped. 


Such disclosure could help a competitor. 
Additional Information — 


Transition Statement — 


Are there data related to Access Control? 

Access Control Data 





Personal devices Data / Application servers 








Figure 3-7. Access control data WL191.0 


Notes: 


Access control generates data. This slide deals with this kind of data. 

Instructor Notes: 
Purpose — 

Data related to access control. 
Details — 


There are many things that we can access: buildings, computers, intranet, servers, etc. 


Each of these accessible things is protected in some way. 


Getting access to such data opens a door and jeopardizes the confidentiality of the 
enterprise data. 


Additional Information — 
Transition Statement — 


How about individuals? 

Data Related to Individuals 











Figure 3-8. Data related to individuals WL191.0 


Notes: 


Knowing the skills covered by the personnel of an enterprise is equivalent to knowing the 
enterprise structure. 

Instructor Notes: 
Purpose — 

Data related to individuals. 
Details — 


The capability of an enterprise depends mainly on the involvement and the 
competence of the personnel. 


Access to those data reveals the strength of an enterprise. In addition, "buying" an 
essential element can totally jeopardize the mission and the competitiveness of the 
enterprise. 


Additional Information — 
Transition Statement — 
The next slides show the principles of establishing risk management. 

Access Control Risk Management 


Access Management functions 


Identification Manager 
Authentication Manager 
Authorization Manager 
Subject Binding Manager 
Interaction State Manager 
Access Policy Management Service 








Figure 3-9. Access control risk management WL191.0 


Notes: 


This slide shows how to determine the list of functions to be considered as part of risk 
management. The example is access control. The next slide will indicate how to produce a 
list of policies that matches the risk management functions. 

Instructor Notes: 

Purpose — 

Building a risk management profile. 
Details — 


To build a risk management profile, we must first consider the domains that affect the risk. 
Here we have identified access control. 


Then we must determine which functions are performed in this domain. We must be 
exhaustive, but group together the details that have a similar objective. 


Additional Information — 


The next units of this course will provide more details on the selection of functions and the 
construction of the policies. 


Transition Statement — 


When the functions are listed, determine the policies. 

Access policy metrics 


Access control 


Method of identification 
Method of authentication 
Method of authorization 
Method of binding 
Method of state management 
Method of recording events 











Figure 3-10. Access policy metrics WL191.0 


Notes: 


The policies provide reference elements to make the security functions measurable. 

Instructor Notes: 

Purpose — 

Build the list of policies, make them measurable. 
Details — 


The first step in measuring security is to match the functions with policies, then to 
determine which value a policy has in the enterprise. 


We can understand that accessing the explosives storage room in a weapons factory 
is much more critical than accessing the storage room of the staff cafeteria. The 
value of the explosives storage room policy will therefore be the maximum. 


Additional Information — 
Transition Statement — 


Other domains to be considered. 

Information Flow Risk Management 


Flow Control functions 








Figure 3-11. Information flow risk management WL191.0 


Notes: 


Information flow is another domain to be managed on the model of access control. 

Instructor Notes: 

Purpose — 

Information flow risk management. 

Details — 

Proceed as with access control risk management. 
Additional Information — 

Transition Statement — 

Then build the list of policies. 

Flow Policy Metrics 








Method of attachment 
Protocols and connections 
Interactions permitted 
Boundaries enforced 
Method for privacy 

Method for recording events 





Figure 3-12. Flow policy metrics WL191.0 


Notes: 


Again the policies must match the functions and have a value. 

Instructor Notes: 

Purpose — 

Build the list of policies for flow control, make them measurable. 
Details — 

Build the policies for information flow, give them a value. 
Additional Information — 

Transition Statement — 


The last example is the identity / credential system. 

Credential System Risk Management 


Identity Management functions 








Figure 3-13. Credential system risk management WL191.0 


Notes: 


After access control and information flow, identity / credential is a new domain. 

Instructor Notes: 

Purpose — 

Identity / credential risk management. 
Details — 


This is the last example, but real enterprise risk management requires other domains to 
be identified following the same methodology. 


Additional Information — 
Transition Statement — 


Related policies. 

Identity Policy Metrics 


Identity Policy 


Method of enrollment 
Method of approval 
Method of Id creation 
Method of Id package 
Method of Id distribution 
Method of Id validation 
Method of cycle management 
Method for recording events 



















Figure 3-14. Identity policy metrics WL191.0 


Notes: 


Policies for the identity / credential system. 

Instructor Notes: 

Purpose — 

Policies for the identity / credential system. 

Details — 

Build the policies and their associated values. 

Additional Information — 

Transition Statement — 

When all the elements are ready, the risk management profile can be computed. 

Risk Management Profile 


















Access control risk management 

Access policy metrics 

Credential system risk management 

Identity policy metrics 








Figure 3-15. Risk management profile WL191.0 


Notes: 


Combining the policies and their values builds the risk management profile. 

Instructor Notes: 

Purpose — 

Build the risk management profile. 
Details — 


The risk management profile is not a magic number pulled out of a hat; it is more 
like a report, used as a business case to justify and prioritize expenses. 


Additional Information — 


Transition Statement — 


Assessing security risks 

Assessing Security Risks 


Risk assessment is systematic consideration of: 


* The business harm likely to result from a security failure, taking 
into account the potential consequences of a loss of 
confidentiality, integrity or availability of the information and 
other assets, 


* The realistic likelihood of such a failure occurring in the light of 
prevailing threats and vulnerabilities, and the controls currently 
implemented. 


Resulting management actions and priorities: 

* Manage information security risks, 
* Implement controls selected to protect against these risks. 
* Repeat Risk assessment to cover different parts of the 
organization or individual information systems. 





Figure 3-16. Assessing security risks WL191.0 


Notes: 


What is a risk assessment? Managing risks. 

Instructor Notes: 

Purpose — 

Assessing and managing security risks. 
Details — 


Risks are evaluated by risk assessment procedures. Resolving them has a cost, handled 
by the risk management actions. 


Additional Information — 

What the instructor can read to ask additional questions or to better understand the subject 
Transition Statement — 

To link the flow of charts 

IBM Embedded Security Subsystem 


The IBM embedded security subsystem is a hardware 
implementation installed on the system motherboard in 
order to perform the following functions: 


* Provides hardware-based protection of critical security information. 
* Handles passwords, encryption keys, and electronic credentials. 
* Protects information and PCs from "sniffers," Trojan horses, and other 
invaders. 
* Helps identify computer users involved in transactions. 
* Helps establish that data transmissions are authentic, confidential, and 
intact. 
* Protects electronic transmissions generated by applications such as 
Microsoft Outlook, Lotus Notes, Microsoft Internet Explorer and 
Netscape Navigator. 





Figure 3-17. IBM embedded Security Subsystem WL191.0 


Notes: 


The IBM embedded Security Subsystem is a hardware subsystem that protects a 
computer. 

Instructor Notes: 
Purpose — 
One way to protect personal computers. 


Details — The IBM ESS is a hardware device developed by IBM Watson Research to 
protect a personal computer. 


Additional Information — 
Transition Statement — 
Another piece of hardware to protect computers. 

Proximity Lockout Badge 


Proximity badge for Access control: 


* Enhanced security features for secure, mobile computing. 
* Uses wireless technology: Infrared, ISM radio, Bluetooth. 


Figure 3-18. Proximity lockout badge WL191.0 





Notes: 


The proximity lockout badge locks your computer when you are away. It is ideal for open 
spaces and during meetings with external participants. 

Instructor Notes: 

Purpose — 

Using the proximity lockout badge to protect computers. 
Details — 


The proximity lockout badge uses the property that radio emissions fade with 
distance. 


This property is used to detect that you are away, lock your computer and unlock it when 
you are back. 


These devices use the ISM radio bands. ISM = Industrial, Scientific, Medical. 


Additional Information — 
Transition Statement — 


Using biometry to protect computers, assets, physical access. 

Biometry Technologies 


* D.N.A. biometry (human unique id) 
* Finger biometry 
* Hand Geometry biometry 
* Iris / Retina biometry 
* Face biometry 
* Voice and Conversational biometry 
* Lips Movement biometry 
* Signature biometry 
* Vein biometry 
* Heartbeat biometry 
* Ear biometry 
* Smell biometry 
* Keystroke biometry 
* Gait biometry 

Picture: Wireless PDA with Biometric Scanner 





Figure 3-19. Biometry technologies WL191.0 


Notes: 


Here is the list of the biometry technologies known today, with one example. 

Instructor Notes: 

Purpose — 

Using biometry technologies for protection. 
Details — 


Biometry technologies are a strong way to provide individual authentication. 


These various technologies are used in different domains. Some devices allow you to 
log on to a system by finger recognition. 


Additional Information — 
Transition Statement — 


There are two main categories. 

Biometry Categories 





The biometrics are mainly divided into two categories: 


Category        Technologies               Characteristics 

Physiological   Fingerprints               Unique and permanent 
                Hand geometry 
                Retinal & iris scanning 
                Facial recognition 
                DNA 

Behavioral      Voice patterns             Unique but variable 
                Signature verification 
                Key stroke patterns 
                Gait 


Physiological biometrics exploit a unique human physiological characteristic; behavioral 
biometrics, on the other hand, are based on a pattern of human behavior that distinguishes an individual. 


However, biometric technologies can also be categorized as Chemical (DNA Matching), 
Visual (Fingerprint, Face, Retina, Iris, Ear), Olfactory (Smell), Visual/Spatial (Hand geometry), 
Visual/Behavioral (Signature verification) and Auditory (Voice biometrics). 


Because a biometric property is an intrinsic property of an individual, it is difficult to surreptitiously 
duplicate and nearly impossible to share. Additionally, a biometric property of an individual can be 
lost only in case of serious accident. 





Figure 3-20. Biometry categories WL191.0 


Notes: 


There are two categories of biometry technologies: physiological and behavioral. 

Instructor Notes: 

Purpose — 

Biometry categories. 

Details — 

Biometry is a way to authenticate people, based on personal properties. 
Additional Information — 

Transition Statement — 

This ends the unit. Just look at the summary to remember the topics. 

Summary 


* Enterprise systems evolution 
* Enterprise structure data 
* Enterprise business data 
* Access control data 
* Data related to individuals 
* Access control risk management 
* Access policy metrics 
* Information flow risk management 
* Flow policy metrics 
* Credential system risk management 
* Identity policy metrics 
* Risk management profile 
* Assessing security risks 
* IBM embedded Security Subsystem 
* Proximity lockout badge 
* Biometry technologies 
* Biometry categories 





Figure 3-21. Summary WL191.0 


Notes: 


What this unit has covered. 

Instructor Notes: 

Purpose — 

Unit summary. 

Details — 

This slide is a copy of slide 3: Contents. 

Additional Information — 

Transition Statement — 

Stop! The traffic light is red. Take a break before going on to Unit 4. 

Unit 4. The value of objects for the enterprise 


What This Unit Is About 


This unit focuses on the definition of the problem scope. 
To that end, it defines the different concepts to be used. 


The main topic of this unit is to explain to the audience that security 
should not be considered as an aggregation of techniques, but as a 
whole functional requirement of an information system. 


What You Should Be Able to Do 


After completing this unit, you should be able to: 
* Build the security scale, specific to your enterprise. 
* Explain the reasons for the costs related to implementing a security policy 
within our wireless network. 

Welcome to: 

WL19 

Wireless End to End Security 


Figure 4-1. WL19 WL191.0 


Notes: 


WL19 unit 4 introduces the value of the objects for the enterprise. It shows why security 
must be considered as a whole. 

Instructor Notes: 

Purpose — 

Introduce the value of the objects for the enterprise. 
Details — 


WL419 unit 4 introduces the value of the objects for the enterprise. It shows the different 
domains where the security must be considered and illustrates what happens if one 
domain is not properly addressed. 


Additional Information — 


Transition Statement — 
The next slide introduces the objectives of this unit. 

Objectives 


After completing this unit, you should be able to: 

* Build the security scale, specific to your enterprise. 
* Explain the reasons for the costs related to implementing a security policy 
within a wireless network. 


Figure 4-2. Objectives WL191.0 
Notes: 

Instructor Notes: 
Purpose — 
Objectives. 

Details — 


After completing this unit, you should be able to: 


Build the security scale, specific for your enterprise. 


Explain the reasons of a cost related to a security policy implementation within a wireless 
network. 


Additional Information — 
Transition Statement — 
The next slide lists the contents of this unit. 

Contents 


* Security management standard 
* Security management is global 
* Security Policy 
* Organizational security 
* Asset classification and control 
* Personnel security 
* Physical and environmental security 
* Access control 
* Systems development and maintenance 
* Business continuity management 
* Compliance 
* What is information security? 
* Communications and Operations Management 





Figure 4-3. Contents WL191.0 


Notes: 


This slide is a list corresponding to the next slides that cover the objectives of this unit. 

Instructor Notes: 

Purpose — 

Contents 

Details — 

This is the table of contents of this unit. It is repeated at the end as a summary. 
Additional Information — 

Transition Statement — 


Let's go to the first topic. 

Security Management Standard 


ISO 17799. 


This standard is called: 
"Code of practice for information security management". 


It develops in 10 chapters the essential elements that need to be 
considered in managing the security of an enterprise. These 
chapters are summarized hereafter, but first, let’s have a look at 
the consequences of incomplete security management. 


It is essential that security management as a whole be 
assessed globally. Any weakness in one domain impacts 
the whole security. 





Figure 4-4. Security management standard WL191.0 


Notes: 


The ISO 17799 standard is called "Code of practice for information security management". 

Instructor Notes: 

Purpose — 

Introducing the code of practice for information security management. 
Details — 


Protecting a value is like constructing a wall around a place to prevent intruders from going 
inside. 


Let's have a look at the ISO 17799 standard, and in particular, what happens if one domain 
is left aside. 


Additional Information — 
Transition Statement — 


What does the standard cover? 

Security Management Is Global (1/2) 


Code of practice for information security management: 
ISO 17799 


1. Security policy 
2. Organizational security 
3. Asset classification and control 
4. Personnel security 
5. Physical and environmental security 








Figure 4-5. Security management is global (1/2) WL191.0 


Notes: 
Here are the first five topics covered by the ISO 17799 standard. 

Instructor Notes: 
Purpose — 
Security management is global. 


Details — This slide introduces the first five topics of the standard, and shows a picture that 
compares security to a liquid contained in a bucket. 


If the security is compromised, this is symbolized by the liquid leaking. 
On this slide, the security is appropriately managed. 

Additional Information — 

The standard ISO 17799, or the British standard BS 7799. 


Transition Statement — 


What happens when a domain is not properly managed? 

Security Management Is Global (2/2) 


ISO 17799 


6. Communications and operations management 
7. Access control 
8. Systems development and maintenance 
9. Business continuity management 
10. Compliance 





Figure 4-6. Security management is global (2/2) WL191.0 


Notes: 


Here are the remaining topics covered by the ISO 17799 standard. 

Instructor Notes: 

Purpose — 

Security management is global. 
Details — 


This slide introduces the last five topics of the standard, still with a picture like that of the previous 
slide. 


This time, the picture illustrates the case where one domain is not properly addressed. 
Number 3 corresponds to asset classification and control. An enterprise does not control its 
assets and, for instance, scraps old computers without any care. The data contained in 
those computers are compromised. 


On this slide, the security is not appropriately managed. 


Additional Information — 

The standard ISO 17799, or the British standard BS 7799. 
Transition Statement — 

Let's go through the domains addressed by the standard. 

Security Policy 


Information security policy 


To provide management direction and support for information 
security. 


Information security policy document 


A policy document should be approved by management, published 
and communicated, as appropriate, to all employees. 


Review and evaluation 


The policy should have an owner who is responsible for its 
maintenance and review according to a defined review process. 





Figure 4-7. Security Policy WL191.0 


Notes: 
Security Policy is the first domain addressed by the ISO 17799 standard. 

Instructor Notes: 

Purpose — 

Domains addressed by the ISO 17799 standard. 

Details — 

What is a security policy, how is it implemented and enforced. 
Additional Information — 

The corresponding chapter on the ISO 17799 standard. 
Transition Statement — 

The next domain defined in the ISO 17799 standard. 

Organizational Security 


Information security infrastructure 


To manage information security within the organization. 


Security of third party access 


To maintain the security of organizational information processing 
facilities and information assets accessed by third parties. 


Outsourcing 


To maintain the security of information when the responsibility for 
information processing has been outsourced to another organization. 





Figure 4-8. Organizational security WL191.0 


Notes: 


Organizational security is the second domain addressed by the ISO 17799 standard. 

Instructor Notes: 

Purpose — 

Domains addressed by the ISO 17799 standard. 

Details — 

What is the organizational security, how is it implemented and enforced. 
Additional Information — 

The corresponding chapter on the ISO 17799 standard. 

Transition Statement — 

Next domain defined in the ISO 17799 standard. 
Asset Classification and Control 


Accountability for assets 


* To maintain appropriate protection of organizational assets. 


Information classification 


To ensure that information assets receive an appropriate level of 
protection. 


Information should be classified to indicate the need, priorities and 
degree of protection. 





Figure 4-9. Asset classification and control WL191.0 


Notes: 


Asset classification and control is the third domain addressed by the ISO 17799 standard. 





4-18 Wireless end to end security © Copyright IBM Corp. 2003 


Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 


Instructor Guide 





Instructor Notes: 

Purpose — 

Domains addressed by the ISO 17799 standard. 
Details — 

How assets must be classified and controlled. 
Additional Information — 

The corresponding chapter on the ISO 17799 standard. 
Transition Statement — 

Next domain defined in the ISO 17799 standard. 
Personnel Security 


Security in job definition and resourcing 


* To reduce the risks of human error, theft, fraud or misuse of facilities. 


User training 


* To ensure that users are aware of information security threats and 
concerns, and are equipped to support organizational security policy 
in the course of their normal work. 


Responding to security incidents and malfunctions 


* To minimize the damage from security incidents and malfunctions, 
and to monitor and learn from such incidents. 





Figure 4-10. Personnel security WL191.0 


Notes: 
Personnel security is the fourth domain addressed by the ISO 17799 standard. 
Instructor Notes: 

Purpose — 

Domains addressed by the ISO 17799 standard. 
Details — 

Great care must be taken with personnel security. 
Additional Information — 

The corresponding chapter on the ISO 17799 standard. 
Transition Statement — 

Next domain defined in the ISO 17799 standard. 
Physical and Environmental Security 


Secure areas 


* To prevent unauthorized access, damage and interference to 
business premises and information. 


Equipment security 


* To prevent loss, damage or compromise of assets and interruption to 
business activities. 


General controls 


* To prevent compromise or theft of information and information 
processing facilities. 





Figure 4-11. Physical and environmental security WL191.0 


Notes: 


Physical and environmental security is the fifth domain addressed by the ISO 17799 
standard. 
Instructor Notes: 

Purpose — 

Domains addressed by the ISO 17799 standard. 

Details — 

After the personnel, the installations of the enterprise must be protected as well. 
Additional Information — 

The corresponding chapter on the ISO 17799 standard. 

Transition Statement — 

Next domain defined in the ISO 17799 standard. 
Communications and Operations Management 


Operational procedures and responsibilities 
* To ensure the correct and secure operation of information 
processing facilities. 


System planning and acceptance 
* To minimize the risk of systems failures. 


Protection against malicious software 
* To protect the integrity of software and information. 


Housekeeping 
* To maintain the integrity and availability of information processing 
and communication services. 


Network management 
* To ensure the safeguarding of information in networks and the 
protection of the supporting infrastructure. 


Media handling and security 
* To prevent damage to assets and interruptions to business activities. 


Exchanges of information and software 
* To prevent loss, modification or misuse of information exchanged 
between organizations. 





Figure 4-12. Communications and Operations Management WL191.0 


Notes: 


Communications and Operations Management is the sixth domain addressed by the ISO 
17799 standard. 
Instructor Notes: 

Purpose — 

Domains addressed by the ISO 17799 standard. 
Details — 


What protections are needed by communications and operations, and how to manage 
them. 


Additional Information — 

The corresponding chapter on the ISO 17799 standard. 
Transition Statement — 

Next domain defined in the ISO 17799 standard. 
Access Control 


Business requirement for access control 
* To control access to information. 


User access management 
* To prevent unauthorized access to information systems. 


User responsibilities 
* To prevent unauthorized user access. 


Network access control 
* Protection of networked services. 


Operating system access control 
* To prevent unauthorized computer access. 


Application access control 
* To prevent unauthorized access to information held in information 
systems. 


Monitoring system access and use 
* To detect unauthorized activities. 


Mobile computing and teleworking 
* To ensure information security when using mobile computing and 
teleworking facilities. 





Figure 4-13. Access control WL191.0 


Notes: 


Access control is the seventh domain addressed by the ISO 17799 standard. 
Instructor Notes: 

Purpose — 

Domains addressed by the ISO 17799 standard. 

Details — 

How to protect access to information, applications and networks. 
Additional Information — 

The corresponding chapter on the ISO 17799 standard. 
Transition Statement — 

Next domain defined in the ISO 17799 standard. 
Systems Development and Maintenance 


Security requirements of systems 
* To ensure that security is built into information systems. 


Security in application systems 
* To prevent loss, modification or misuse of user data in application 
systems. 


Cryptographic controls 
* To protect the confidentiality, authenticity or integrity of information. 


Security of system files 
* To ensure that IT projects and support activities are conducted in a 
secure manner. 


Security in development and support processes 
* To maintain the security of application system software and 
information. 





Figure 4-14. Systems development and maintenance WL191.0 


Notes: 


Systems development and maintenance is the eighth domain addressed by the ISO 17799 
standard. 
Instructor Notes: 

Purpose — 

Domains addressed by the ISO 17799 standard. 
Details — 


Although the development is done by (or under control of) the personnel, this is not 
sufficient to ensure the adequate security in the development of applications and 
processes. 


Threats are also coming from the inside. 


Additional Information — 

The corresponding chapter on the ISO 17799 standard. 
Transition Statement — 

Next domain defined in the ISO 17799 standard. 
Business Continuity Management 


Aspects of business continuity management 


To counteract interruptions to business activities and to protect 
critical business processes from the effects of major failures or 
disasters. 


* Business continuity management process. 
* Business continuity and impact analysis. 
* Writing and implementing continuity plans. 
* Business continuity planning framework. 
* Testing, maintaining and re-assessing business continuity plans. 





Figure 4-15. Business continuity management WL191.0 


Notes: 


Business continuity management is the ninth domain addressed by the ISO 17799 
standard. 
Instructor Notes: 

Purpose — 

Domains addressed by the ISO 17799 standard. 
Details — 


Protection from disasters is part of enterprise security. A disaster may be the result of 
a malicious action. 


Be careful not to expose the backup process to the same disaster at the same time. 


Example: all data and processes are immediately backed up on a backup system located 
on the floor just above. What happens if the building is destroyed by a fire? 


Other good examples exist. 


Additional Information — 

The corresponding chapter on the ISO 17799 standard. 
Transition Statement — 

Next domain defined in the ISO 17799 standard. 
Compliance 


Compliance with legal requirements 


* To avoid breaches of any criminal and civil law, statutory, regulatory 
or contractual. 


Reviews of security policy and technical compliance 


* To ensure compliance of systems with organizational security 
policies and standards. 


System audit considerations 


* To maximize the effectiveness of and to minimize interference to/from 
the system audit process. 





Figure 4-16. Compliance WL191.0 


Notes: 
Compliance is the last domain addressed by the ISO 17799 standard. 
Instructor Notes: 

Purpose — 

Domains addressed by the ISO 17799 standard. 

Details — 

Do not have illegal processes, and no process that can be stopped by an audit action! 
Additional Information — 

The corresponding chapter on the ISO 17799 standard. 

Transition Statement — 

Last domain defined in the ISO 17799 standard. 
What Is Information Security? 


Information is an asset which, like other important business assets, 
has value to an organization and consequently needs to be 
suitably protected. Information security protects information from 
a wide range of threats in order to ensure business continuity, 
minimize business damage and maximize return on investments 
and business opportunities. 


* Confidentiality. 
* Integrity. 
* Availability. 


Information security is achieved by implementing a suitable set of 
controls, which could be policies, practices, procedures, 
organizational structures and software functions. 





Figure 4-17. What is information security? WL191.0 


Notes: 
This concludes the study of the ISO 17799. 
Instructor Notes: 

Purpose — 

Defining and enforcing information security. 
Details — 


As a conclusion of the study of the ISO 17799 standard, let's define what information 
security is. 


Additional Information — 
Transition Statement — 
This terminates the unit. Just look at the summary to remember the topics. 
Summary 
The value of objects for the enterprise. 


Security management standard 
Security management is global 

Security Policy 

Organizational security 

Asset classification and control 
Personnel security 

Physical and environmental security 
Communications and Operations Management 
Access control 

Systems development and maintenance 
Business continuity management 
Compliance 

What is information security? 





Figure 4-18. Summary 


Notes: 


What this unit has covered. 
Instructor Notes: 

Purpose — 

Unit summary. 

Details — 

This slide is a copy of the slide 3: Contents. 

Additional Information — 

Transition Statement — 

Stop! The traffic light is red. Take a break before going to Unit 5. 
Unit 5. The control zone definition 


What This Unit Is About 


Define where the enterprise frontiers are located. 


What You Should Be Able to Do 


After completing this unit, you should be able to: 

* Understand the concept of the control zones. 
* Overcome the difficulties due to the wireless world because it is a 
world where control zones are not related to traditional physical 
boundaries. 
Welcome to: 

WL19 
Wireless End to End Security 

Unit 5: The control zone definition 











Figure 5-1. WL19 


Notes: 


WL19 unit 5 introduces the concept of the control zones. 


The control zones are environments that can be isolated to be addressed separately. 
Instructor Notes: 

Purpose — 

Introduce the concept of the control zones. 

Details — 

WL19 unit 5 introduces the concept of the control zones. 


It defines the limit between the domains and the enterprise frontiers in typical situations. 
Additional Information — 


Transition Statement — 


Next slide introduces the objectives of this unit. 
Objectives 


After completing this unit, you should be able to: 

* Understand the concept of the control zones. 
* Overcome the difficulties due to the wireless world 
because it is a world where control zones are not 
related to traditional physical boundaries. 








Figure 5-2. Objectives WL191.0 
Notes: 
Instructor Notes: 
Purpose — 
Objectives. 

Details — 


After completing this unit, you should be able to: 


Understand the concept of the control zones. 


Overcome the difficulties due to the wireless world because it is a world where control 
zones are not related to traditional physical boundaries. 


Additional Information — 
Transition Statement — 
Next slide lists the contents of this unit. 
Contents 


Traditional system control zones 

Server / users control zones 

Wireless control zones 

Enterprise physical control zones 
Enterprise knowledge control zones 
Internal knowledge control zones 

Control zones extended to subcontractors 
Control zones extended to customers 
Control zones extended to partners 
Control zones extended to providers 





Figure 5-3. Contents WL191.0 


Notes: 


This slide is a list corresponding to the next slides that cover the objectives of this unit. 
Instructor Notes: 

Purpose — 

Contents 

Details — 

This is the table of contents of this unit. It is duplicated at the end as a summary. 
Additional Information — 

Transition Statement — 


Let's go to the first topic. 
Traditional System Control Zones 


Figure 5-4. Traditional system control zones WL191.0 


Notes: 


Before looking at the control zones of a complex environment, let's have a look at the control 
zones of a traditional system. 
Instructor Notes: 

Purpose — 

Control zones of a traditional system. 
Details — 


A control zone is the simplest concept that answers one of the following questions: 


Who controls what? 
What controls whom? 


What controls what? 


On this slide we see a control zone comprising the computer and the user. The user 
controls his / her entry to the system and vice-versa. Note that the user control zone is 
actually the area that contains all the users. 


The system represents another control zone because of the interactions between the 
hardware and the software. 


We can continue to build control zones if needed, according to the system's configuration. 
Additional Information — 


Transition Statement — 


Now we go back to the present world. 
Server / Users Control Zones 


[Figure labels: Mobile; Each server has its own control zones] 





Figure 5-5. Server / users control zones WL191.0 


Notes: 


Actually, the control zones that we define are only those which depend on the enterprise. 
The public domain does not represent a control zone that we consider. We do not control 
anything there. 
Instructor Notes: 

Purpose — 

Control zones of a system with servers and interactions with the public domain. 
Details — 


Here the control zones are more complex to define because of the presence of external 
elements that are not under the control of the enterprise. 


The control zones that we define must altogether represent the complete enterprise, but 
not more. 


Note: we don't need to cover the complete enterprise at once. If several domains are 
covered by several distinct risk management processes, all together must cover the 
complete enterprise, but none of them must define an external domain as part of a control 
zone. 


Additional Information — 
Transition Statement — 
What happens with wireless connectivity? 
Wireless Control Zones 








Figure 5-6. Wireless control zones WL191.0 


Notes: 


With wireless connectivity, a wireless control zone must extend up to the limit where it 
becomes impossible to capture any data. This zone is difficult to determine. 
Instructor Notes: 

Purpose — 

Control zones in a wireless context. 
Details — 


What we control becomes actually what we could control according to the possible 
detection range. 


We must consider the main emission, but also the reflections, the reception sensitivity, the 
BER (Bit Error Rate), and the extended range to assume when a directional antenna is 
associated with the receiver. 


Wireless includes radio and infrared. 
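
To size the zone described above, the listed factors can be combined into a link budget. The following is an added example, not part of the course material: it uses the free-space path loss model, and the frequency, transmit power, antenna gains, sensitivity and wall loss are all constructed sample values.

```python
import math

# Constructed sample values (assumptions, not taken from the course material).
FREQ_MHZ = 2437.0        # assumed 2.4 GHz channel centre frequency
TX_POWER_DBM = 15.0      # assumed access point transmit power
TX_GAIN_DBI = 2.0        # assumed access point antenna gain
SENSITIVITY_DBM = -85.0  # assumed receiver sensitivity (level needed for a usable BER)


def free_space_path_loss_db(distance_m, freq_mhz):
    """Free-space path loss in dB for a distance given in metres."""
    distance_km = distance_m / 1000.0
    return 20 * math.log10(distance_km) + 20 * math.log10(freq_mhz) + 32.44


def link_budget_db(tx_power_dbm, tx_gain_dbi, rx_gain_dbi, sensitivity_dbm,
                   extra_loss_db=0.0):
    """Path loss the link can absorb before the signal falls below sensitivity."""
    return tx_power_dbm + tx_gain_dbi + rx_gain_dbi - sensitivity_dbm - extra_loss_db


def capture_radius_m(budget_db, freq_mhz):
    """Distance at which free-space loss equals the budget (inverse of the FSPL formula)."""
    exponent = (budget_db - 32.44 - 20 * math.log10(freq_mhz)) / 20
    return 1000.0 * 10 ** exponent


def control_zone_report(receivers, extra_loss_db=0.0):
    """Return {receiver name: capture radius in metres} for each receiver antenna gain.

    extra_loss_db models fixed attenuation such as walls; reflections are not
    modelled, so the result is an estimate to be confirmed by a site survey.
    """
    report = {}
    for name, rx_gain_dbi in receivers.items():
        budget = link_budget_db(TX_POWER_DBM, TX_GAIN_DBI, rx_gain_dbi,
                                SENSITIVITY_DBM, extra_loss_db)
        report[name] = capture_radius_m(budget, FREQ_MHZ)
    return report


if __name__ == "__main__":
    receivers = {
        "standard client antenna (2 dBi)": 2.0,
        "directional antenna (24 dBi)": 24.0,
    }
    for label, loss in (("line of sight", 0.0),
                        ("assumed 20 dB of wall attenuation", 20.0)):
        print(label)
        for name, radius in control_zone_report(receivers, loss).items():
            print(f"  {name}: {radius:,.0f} m")
```
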
Additional Information — 


Transition Statement — 


What is the result for the enterprise? 
Enterprise Physical Control Zones 


Figure 5-7. Enterprise physical control zones WL191.0 


Notes: 


We must distinguish between the physical domain and the knowledge domain. 
Instructor Notes: 
Purpose — 

Enterprise control zones. 
Details — 


The physical topology of the enterprise must obviously be considered as defining control 
zones, as we have defined it in the previous slides, but the variety of people using 
computers in different ways obliges us to define an additional group: the enterprise 
knowledge control zones. 


Additional Information — 
Transition Statement — 
Let's have a look at the contributors of the enterprise knowledge control zones. 
Enterprise Knowledge Control Zones 


[Figure labels: Data / Application servers; Internal people: Management and employees] 








Figure 5-8. Enterprise knowledge control zones WL191.0 


Notes: 


Here are some examples of contributors. 
Instructor Notes: 

Purpose — 

Enterprise knowledge control zones. 
Details — 


We can see here the different people that have access to parts of the enterprise 
information, in addition to the system and the servers. 


Additional Information — 
Transition Statement — 


We consider first the personnel of the enterprise. 
Internal Knowledge Control Zones 


[Figure labels: Data / Application servers; Internal people: Management and employees] 








Figure 5-9. Internal knowledge control zones WL191.0 


Notes: 


Internal knowledge control zones are similar to the physical control zone of the enterprise. 
They involve the employees within their work area, which may be mobile. 
Instructor Notes: 
Purpose — 
Internal knowledge control zones. 


Details — 


Only the personnel is involved here. This is why the control zone is very similar to the 
physical control zones. 


Additional Information — 
Transition Statement — 


Now we add the subcontractors. 
Control Zones Extended to Subcontractors 


[Figure labels: Data / Application servers; Internal people: Management and employees] 








Figure 5-10. Control zones extended to subcontractors WL191.0 


Notes: 


We still consider the enterprise staffing, but we add the subcontractors. 
Instructor Notes: 

Purpose — 

Extended knowledge control zones. 
Details — 


Subcontractors are very much involved in the projects. They have partial access to some 
servers. 


If the enterprise uses the services of several subcontractors, it is possible that a complete 
project is known by all of them together. 


It is important to limit their access. 
Additional Information — 


Transition Statement — 


How about the customers? 
Control Zones Extended to Customers 


[Figure labels: Data / Application servers; Internal people: Management and employees] 








Figure 5-11. Control zones extended to customers WL191.0 


Notes: 


The problem is not so critical if we replace the subcontractor by the customer. We must be 
careful anyway with this external staffing. In all cases, we must consider all of the 
customers as part of the same control zone. 
Instructor Notes: 

Purpose — 

Extended knowledge control zones. 
Details — 


Customers and subcontractors represent different contributors. They don't require the 
same information databases, but their discussions give them a lot of information on the 
projects. 


The same precautions apply, like with the subcontractors? 
Additional Information — 


Transition Statement — 


And now the partners. 
Control Zones Extended to Partners 


[Figure labels: Data / Application servers; Internal people: Management and employees] 





Figure 5-12. Control zones extended to partners WL191.0 


Notes: 


Partners generally don't have access to enterprise data, but their frequent contacts with the 
employees in the domain of their competence may lead to treating them like regular 
employees. 
Instructor Notes: 

Purpose — 

Extended knowledge control zones. 

Details — 

Again we are in contact with those people. They share a piece of information each. 


The same precautions apply, like with the subcontractors? 
Additional Information — 


Transition Statement — 


And finally the providers. 
Control Zones Extended to Providers 


[Figure labels: Data / Application servers; Internal people: Management and employees] 





Figure 5-13. Control zones extended to providers WL191.0 


Notes: 


Providers are required to deliver either prototype or production parts. In order to 
reduce costs, production figures are given to them. Those figures must be sized in such a 
way that they don't provide a reliable image of the enterprise business plans. 
Instructor Notes: 

Purpose — 

Extended knowledge control zones. 

Details — 

The problem with providers is again the problem with external people. 
Additional Information — 

Transition Statement — 

This terminates the unit. Just look at the summary to remember the topics. 
Summary 


Traditional system control zones 

Server / users control zones 

Wireless control zones 

Enterprise physical control zones 
Enterprise knowledge control zones 
Internal knowledge control zones 

Control zones extended to subcontractors 
Control zones extended to customers 
Control zones extended to partners 
Control zones extended to providers 





Figure 5-14. Summary WL191.0 


Notes: 


What this unit has covered. 
Instructor Notes: 

Purpose — 

Unit summary. 

Details — 

This slide is a copy of the slide 3: Contents. 

Additional Information — 

Transition Statement — 

Stop! The traffic light is red. Take a break before going to Unit 6. 
Unit 6. The security policy definition 


What This Unit Is About 


The security policy definition will explain which characteristics of all the 
systems should be considered when establishing a global security 
policy. 


What You Should Be Able to Do 


After completing this unit, you should be able to: 

* Create the security policies that will fulfil the enterprise security 
requirements 
Welcome to: 

WL19 
Wireless End to End Security 











Figure 6-1. WL19 WL191.0 


Notes: 


WL19 unit 6 introduces the policies created as part of the Risk Assessment. 
Instructor Notes: 

Purpose — 

Introduce the policies created as part of the Risk Assessment. 

Details — 

WL19 unit 6 introduces the policies created as part of the Risk Assessment. 


It shows how to select the domains, addressed as subsystems, how to size their values, 
and how to determine the Risk Management Profile, to prepare the deployment based on 
cost, schedule and business justification. 


Additional Information — 
Transition Statement — 
Next slide introduces the objectives of this unit. 
Objectives 


After completing this unit, you should be able to: 

* Create the security policies that will fulfill the enterprise 
security requirements 








Figure 6-2. Objectives WL191.0 
Notes: 
Instructor Notes: 

Purpose — 

Objectives. 

Details — 

After completing this unit, you should be able to: 


Create the security policies that will fulfil the enterprise security requirements 
Additional Information — 


Transition Statement — 


Next slide lists the contents of this unit. 
Contents 


Enterprise Security Requirements 
Risk Management Process 
Security management conditions 
Security evaluation criteria 
Common criteria requirements 
Common Criteria Documentation 
Designing a secure solution 
Common criteria simplified model 
Security audit subsystem 
Access control subsystem 
Flow control subsystem 
Identity or credential subsystem 
Solution integrity subsystem 
Creating subsystem policies 
Audit subsystem policies 
Access subsystem policies 
Flow control subsystem policies 
Solution integrity subsystem policies 
Ready for security policy deployment 


Figure 6-3. Contents WL191.0 


Notes: 


This slide is a list corresponding to the next slides that cover the objectives of this unit. 
Instructor Notes: 

Purpose — 

Contents 

Details — 

This is the table of contents of this unit. It is duplicated at the end as a summary. 
Additional Information — 

Transition Statement — 


Let's go to the first topic. 
Enterprise Security Requirements 


Security objectives 


* Protect Information stored and in transit 
* Ensure accountability through trusted identity 
* Ensure correct and reliable operation 
* Limit access to information based upon policy 
* Limit access to systems and processes based 
upon policy 
* Defend against attacks 
* Defend against fraud 





Figure 6-4. Enterprise Security Requirements WL191.0 


Notes: 


Traditionally, security requirements have been expressed by referencing the security 
services within the OSI model: authentication, access control, data confidentiality, data 
integrity and non-repudiation. 










Instructor Notes: 

Purpose — 

Enterprise Security Requirements. 
Details — 


There is a need to control access to computer systems and their processes, consistent with 
defined roles and responsibilities. 


There is a need to control access to information, consistent with information classification 
and privacy policies. 


There is a need to control the flow of information, consistent with information classification 
and privacy policies. 


There is a need to manage the reliability and integrity of components. 


There is a need for protections from malicious attacks. 


There is a need for trusted identity to address the requirement of accountability of access 
to systems, processes, and information. 


There is a need to prevent fraud within business processes and transactions, or to detect 
and respond to attempted fraud. 


Additional Information — 
Transition Statement — 


Let's look at the risk management process. 
Risk Management Process 


[Figure labels: Risk Analysis; Security Policies; Implementation; Administration] 


Risk acceptance ... 

* Is a Cost decision: the amount of investment required to lower the risk. 
* Is a « Pain » decision: the ability to deal with on-going security incidents. 
* Is a Visibility decision: the potential impact to Corporate reputation. 

But... 

* Must not be a « surprise » decision: Accepting risk without knowing it. 








Figure 6-5. Risk Management Process WL191.0 


Notes: 


The risk management process is a permanent loop. 
Instructor Notes: 

Purpose — 

Explain what the risk management process is. 
Details — 


From the risk analysis, security policies are created, some of them are implemented, some 
changes occur in the enterprise, and at the same time, the external environment also 
changes. 


An audit is conducted and reveals weaknesses for various reasons. The risk analysis 
restarts. 


The loop is closed. 
Additional Information — 


Transition Statement — 
About the severe working conditions of a security architect. 
Security Management Conditions 


Expectations from today’s security architect: 


* Need to meet high expectations and service levels, 
* Use a limited set of tools and techniques, 
* Have low visibility of the electronic activities within the 
operational environment. 


In addition, security architects have the challenge of 
timely recognition and response to events and peril. 





Figure 6-6. Security management conditions WL191.0 


Notes: 


Among other obligations, security architects have the challenge of timely recognition and 
response to events and peril. 
Instructor Notes: 

Purpose — 

What do we expect from today's security architect. 

Details — 

No comment! 

Additional Information — 

Transition Statement — 

Starting the Information Technology security evaluation criteria. 
Security Evaluation Criteria 


Agencies and standards have developed 
IT evaluation criteria. 


* TCSEC in the USA: « Trusted Computer System Security Evaluation 
Criteria ». 

* ITSEC in Europe: « Information Technology Security Evaluation 
Criteria ». 

* CTCPEC in Canada: « Canadian Trusted Computer Product Evaluation 
Criteria ». 

* CC.7 is a combination of those documents, done in 1996: « Common 
Criteria ». 

  > This document was approved by ISO (« International 
  Organization for Standardization ») in 1999. 


This initiative opens the way to worldwide mutual recognition of 
product evaluation results. 





Figure 6-7. Security evaluation criteria WL191.0 


Notes: 


The history of the Common Criteria started with similar standards in different 
countries. 
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Instructor Notes: 

Purpose — 

Introduce the IT security evaluation criteria. 
Details — 


Common Criteria provide a taxonomy for evaluating security functionality through a set of 
functional and assurance requirements. 


The Common Criteria include 11 functional classes of requirements: security audit, 
communication, cryptographic support, user data protection, identification and 
authentication, management of security functions, privacy, protection of security functions, 
resource utilization, component access, and trusted path or channel. 


These 11 functional classes are further divided into 66 families, each containing a number 
of component criteria. There are approximately 130 component criteria currently 
documented, with the recognition that designers may add additional component criteria to a 
specific design. There is a formal process for adopting component criteria through the 
Common Criteria administrative body (www.commoncriteria.org). 


Additional Information — 
The common criteria at (www.commoncriteria.org). 
Transition Statement — 


More on the common criteria. 
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Common Criteria Requirements 


Common Criteria provide a taxonomy for evaluating 
security functionality through a set of functional and 
assurance requirements. 


They include 11 functional classes of requirements: 


* Security audit, 
* Communication, 
* Cryptographic support, 
* User data protection, 
* Identification and authentication, 
* Management of security functions, 
* Privacy, 
* Protection of security functions, 
* Resource utilization, 
* Component access, 
* Trusted path or channel. 








Figure 6-8. Common criteria requirements WL191.0 


Notes: 


Common Criteria provide a taxonomy for evaluating security functionality through a set of 
functional and assurance requirements. 
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Instructor Notes: 

Purpose — 

Discover the Common Criteria requirements. 
Details — 

The 11 functional classes of requirements. 
Additional Information — 

The common criteria at (www.commoncriteria.org). 
Transition Statement — 


More on the common criteria. 
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Common Criteria Documentation 
Part 1: 


Introduction and general model, is the introduction to the CC. It defines general 
concepts and principles of IT security evaluation and presents a general model of 
evaluation. Part 1 also presents constructs for expressing IT security objectives, for 
selecting and defining IT security requirements, and for writing high-level 
specifications for products and systems. In addition, the usefulness of each part of 
the CC is described in terms of each of the target audiences. 


Part 2: 


Security functional requirements, establishes a set of security functional 
components as a standard way of expressing the security functional requirements 
for Targets of Evaluation (TOEs). Part 2 catalogues the set of functional 
components, families, and classes. 


Part 3: 


Security assurance requirements, establishes a set of assurance components as a 
standard way of expressing the assurance requirements for TOEs. Part 3 
catalogues the set of assurance components, families, and classes. Part 3 also 
defines evaluation criteria for Protection Profiles (PPs) and Security Targets (STs) 
and presents evaluation assurance levels that define the predefined CC scale for 
rating assurance for TOEs, which is called the Evaluation Assurance Levels (EALs). 





Figure 6-9. Common Criteria Documentation WL191.0 


Notes: 


This introduces the three parts of the common criteria document. 
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Instructor Notes: 

Purpose — 

Discover the main structure of the Common Criteria document. 
Details — 


The Common Criteria document has important value to the security community, given its 
history and acceptance as a standard for security requirements definition, and its linkage to 
available security technologies through documented protection profiles and security 
targets. 


Common Criteria do not provide all of the guidance and reference materials needed for 
security design. 


Additional Information — 
Transition Statement — 


Starting application. 





© Copyright IBM Corp. 2003 Unit 6. The security policy definition 6-19 


Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 


Instructor Guide 





Designing a Secure Solution 


To develop an extensible method for 
designing secure solutions: 


* Build a system model that is representative of the 
functional aspects of security within the complex solution. 


* Create a systematic approach for creating security 
architectures based on the Common Criteria requirements 
taxonomy and the corresponding security system model 





Figure 6-10. Designing a secure solution WL191.0 


Notes: 


To develop an extensible method for designing secure solutions. 
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Instructor Notes: 

Purpose — 

How to develop an extensible method for designing secure solutions. 
Details — 

No comment. 

Additional Information — 

Transition Statement — 

Are we going to work with so many classes? 
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Common Criteria Simplified Model 





To adapt the Common criteria to the objective of building 
a security architecture, requirements can be aggregated 
in security themes: 


Functional Category: Common Criteria Functional Class 


* Security audit: Audit, component protection, resource utilization 


* Access control: Data protection, component protection, security management, 
component access, cryptographic support, identification and 
authentication, communication, trusted path/channel 


* Flow control: Communication, cryptographic support, data protection, component 
protection, trusted path/channel, privacy 


* Identity / credentials: Cryptographic support, data protection, component protection, 
identification and authentication, component access, security 
management, trusted path/channel 


* Solution integrity: Cryptographic support, data protection, component protection, 
resource utilization, security management 








Figure 6-11. Common criteria simplified model WL191.0 


Notes: 


A simplified model is obtained by grouping the requirements per functional categories. 
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Instructor Notes: 

Purpose — 

Simplification of the common criteria. 
Details — 


The functional categories obtained in regrouping the requirements are called subsystems. 
They include several classes. 


Additional Information — 
Transition Statement — 


The first subsystem. 
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Security Audit Subsystem 


A security audit subsystem is responsible for 
capturing, analyzing, reporting, archiving, and 
retrieving records of events and conditions 
within a computing solution. 


* Collection of security audit data, including capture of the appropriate 
data, trusted transfer of audit data, and synchronization of chronologies. 


* Protection of security audit data, including use of time stamps, signing 
events, and storage integrity to prevent loss of data. 


* Analysis of security audit data, including review, anomaly detection, 
violation analysis, and attack analysis using simple heuristics or 
complex heuristics. 


* Alarms for loss thresholds, warning conditions, and critical events. 





Figure 6-12. Security audit subsystem WL191.0 


Notes: 


A security audit subsystem is responsible for capturing, analyzing, reporting, archiving, and 
retrieving records of events and conditions within a computing solution. 
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Instructor Notes: 

Purpose — 

The security audit subsystem is the first category. 
Details — 


The purpose of the security audit system in an IT solution is to address the data collection, 
analysis, and archival requirements of a computing solution in support of meeting the 
standards of proof required by the IT environment. 


A security audit subsystem is responsible for capturing, analyzing, reporting, archiving, and 
retrieving records of events and conditions within a computing solution. 


This subsystem can be a discrete set of components acting alone, or a coordinated set of 
mechanisms among the several components in the solution. 


Security audit analysis and reporting can include real-time review, as implemented in 
intrusion detection components, or after-the-fact review, as associated with forensic 
analysis in defence of repudiation claims. 


A security audit subsystem may rely upon other security subsystems in order to manage 
access to audit-related systems, processes, and data, control the integrity and flow of audit 
information, and manage the privacy of audit data. 


From Common Criteria, security requirements for an audit subsystem would include: 


* Collection of security audit data, including capture of the appropriate data, trusted 
transfer of audit data, and synchronization of chronologies. 


* Protection of security audit data, including use of time stamps, signing events, and 
storage integrity to prevent loss of data. 


* Analysis of security audit data, including review, anomaly detection, violation analysis, 
and attack analysis using simple heuristics or complex heuristics. 


* Alarms for loss thresholds, warning conditions, and critical events. 
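
As an added illustration (not part of the course material), the sketch below shows one way to meet the protection and alarm requirements listed above: each record is time-stamped, sequenced and signed with an HMAC chained to the previous record, and verification reports altered, deleted or missing records. The key, device names, event texts, record layout and the externally kept `expected_count` are assumptions made for this example.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real deployment would hold it in a
# hardware security module or key store, not in source code.
AUDIT_KEY = b"constructed-demo-key"
GENESIS = "0" * 64  # chain anchor used before the first record
FIELDS = ("seq", "ts", "source", "event")


def record_mac(key, prev_mac, body):
    """HMAC-SHA256 over the previous record's MAC and this record's canonical body."""
    payload = prev_mac.encode() + json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def append(records, key, ts, source, event):
    """Time-stamp, sequence and sign a new event, chaining it to the last record."""
    prev = records[-1]["mac"] if records else GENESIS
    body = {"seq": len(records), "ts": ts, "source": source, "event": event}
    records.append({**body, "mac": record_mac(key, prev, body)})


def verify(records, key, expected_count=None):
    """Return a list of findings; an empty list means the log is intact."""
    findings = []
    prev, last_ts = GENESIS, None
    for pos, rec in enumerate(records):
        body = {name: rec[name] for name in FIELDS}
        if rec["seq"] != pos:
            findings.append(f"record {pos}: sequence gap (found seq {rec['seq']})")
        if not hmac.compare_digest(rec["mac"], record_mac(key, prev, body)):
            findings.append(f"record {pos}: signature mismatch")
        if last_ts is not None and rec["ts"] < last_ts:
            findings.append(f"record {pos}: time stamp goes backwards")
        prev, last_ts = rec["mac"], rec["ts"]
    # Loss alarm: compare against a count kept outside the log (assumption),
    # because a chain alone cannot reveal records cut from the end.
    if expected_count is not None and len(records) < expected_count:
        findings.append(f"loss alarm: {expected_count - len(records)} record(s) missing")
    return findings


def build_sample_log():
    """Four constructed events from hypothetical wireless devices."""
    records = []
    append(records, AUDIT_KEY, 1700000000, "ap-01", "association accepted")
    append(records, AUDIT_KEY, 1700000005, "ap-01", "authentication failed")
    append(records, AUDIT_KEY, 1700000009, "radius-01", "account locked")
    append(records, AUDIT_KEY, 1700000020, "ap-02", "configuration changed")
    return records


if __name__ == "__main__":
    log = build_sample_log()
    print("intact log:", verify(log, AUDIT_KEY, expected_count=4))
    print("record removed:", verify(log[:2] + log[3:], AUDIT_KEY, expected_count=4))
```

A removed record shows up twice, as a sequence gap and as a broken chain link, while a log cut at the end is caught only by the loss alarm.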


Additional Information — 
Transition Statement — 


The second subsystem 
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Access Control Subsystem 


From Common Criteria, the functional 
requirements for an access control 
subsystem should include: 


* Access control enablement 


* Access control monitoring and enforcement 


* Identification and authentication mechanisms, including verification of 
secrets, cryptography (encryption and signing), and single- versus 
multiple-use authentication mechanisms 


* Authorization mechanisms, to include attributes, privileges, and 
permissions 


* Access control mechanisms, to include attribute-based access control 
on subjects and objects and user-subject binding 


* Enforcement mechanisms, including failure handling, bypass 
prevention, banners, timing and timeout, event capture, and decision 
and logging components 





Figure 6-13. Access control subsystem WL191.0 


Notes: 


The purpose of an access control subsystem in an IT solution is to enforce security policies 
by gating access to, and execution of, processes and services within a computing solution 
via identification, authentication, and authorization processes, along with security 
mechanisms that use credentials and attributes. 
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Instructor Notes: 

Purpose — 

The access control subsystem is the second category. 
Details — 


The credentials and attributes used by the access control subsystem along with the 
identification and authentication mechanisms are defined by a corresponding credential 
subsystem. 


The access control subsystem may feed event information to the audit subsystem, which 
may provide real-time or forensic analysis of events. 


The access control subsystem may take corrective action based upon alert notification 
from the security audit subsystem. 


From Common Criteria, the functional requirements for an access control subsystem 
should include: 


* Access control enablement. 


* Access control monitoring and enforcement. 


* Identification and authentication mechanisms, including verification of secrets, 
cryptography (encryption and signing), and single- versus multiple-use authentication 
mechanisms. 


* Authorization mechanisms, to include attributes, privileges, and permissions. 


* Access control mechanisms, to include attribute-based access control on subjects and 
objects and user-subject binding. 


* Enforcement mechanisms, including failure handling, bypass prevention, banners, 
timing and time-out, event capture, and decision and logging components. 
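
As an added illustration (not part of the course material), the sketch below puts several of the listed mechanisms into one decision point: attribute-based rules on subjects and objects, user-subject binding, a session time-out, deny-on-failure handling, and capture of every decision for the audit subsystem. The class names, attribute names, rule, objects and time-out value are all assumptions made for this example.

```python
from dataclasses import dataclass


@dataclass
class Subject:
    user: str              # user-subject binding: the authenticated user this session acts for
    attributes: dict       # e.g. {"role": "network-admin", "site": "paris"}
    authenticated_at: int  # epoch seconds of the last successful authentication


@dataclass
class Rule:
    action: str
    object_type: str
    subject_must_have: dict  # subject attribute -> required value
    must_match: tuple = ()   # attributes that must be equal on subject and object


class EnforcementPoint:
    """Single gate for every request: default deny, fail closed, record each decision."""

    def __init__(self, rules, object_lookup, session_timeout):
        self.rules = rules
        self.object_lookup = object_lookup      # callable: object id -> attribute dict
        self.session_timeout = session_timeout  # seconds
        self.events = []                        # captured decisions for the audit subsystem

    def _evaluate(self, subject, action, object_id, now):
        if now - subject.authenticated_at > self.session_timeout:
            return False, "session timed out"
        obj = self.object_lookup(object_id)     # may raise if the attribute store fails
        for rule in self.rules:
            if rule.action != action or rule.object_type != obj.get("type"):
                continue
            has_attrs = all(subject.attributes.get(k) == v
                            for k, v in rule.subject_must_have.items())
            matches = all(k in obj and subject.attributes.get(k) == obj[k]
                          for k in rule.must_match)
            if has_attrs and matches:
                return True, "rule matched"
        return False, "no rule permits this request"

    def decide(self, subject, action, object_id, now):
        try:
            permitted, reason = self._evaluate(subject, action, object_id, now)
        except Exception as exc:                # failure handling: any error means deny
            permitted, reason = False, f"evaluation failed ({type(exc).__name__})"
        self.events.append({"ts": now, "user": subject.user, "action": action,
                            "object": object_id, "permitted": permitted, "reason": reason})
        return permitted


# Constructed sample objects and rule (assumptions, not from the course).
OBJECTS = {
    "ap-paris-01": {"type": "access-point", "site": "paris"},
    "ap-lyon-07": {"type": "access-point", "site": "lyon"},
}
RULES = [Rule("configure", "access-point", {"role": "network-admin"}, ("site",))]


def lookup(object_id):
    return OBJECTS[object_id]  # raises KeyError for an unknown object


def run_sample():
    pep = EnforcementPoint(RULES, lookup, session_timeout=900)
    admin = Subject("alice", {"role": "network-admin", "site": "paris"}, 1000)
    guest = Subject("bob", {"role": "guest", "site": "paris"}, 1000)
    results = [
        pep.decide(admin, "configure", "ap-paris-01", now=1100),  # role and site match
        pep.decide(admin, "configure", "ap-lyon-07", now=1100),   # site differs
        pep.decide(guest, "configure", "ap-paris-01", now=1100),  # role missing
        pep.decide(admin, "configure", "ap-paris-01", now=2000),  # session too old
        pep.decide(admin, "configure", "ap-unknown", now=1100),   # lookup fails
    ]
    return results, pep.events


if __name__ == "__main__":
    outcome, captured = run_sample()
    for permitted, event in zip(outcome, captured):
        print(permitted, event["user"], event["object"], event["reason"])
```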


Additional Information — 
Transition Statement — 


Next subsystem. 
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Flow Control Subsystem 


From Common Criteria, the functional 
requirements for an information flow 
subsystem should include: 


* Flow permission or prevention 


* Flow monitoring and enforcement 


* Transfer services and environments: open or trusted channel, open or 
trusted path, media conversions, manual transfer, import to or export 
between domains 


* Mechanisms observability: to block cryptography (encryption) 


* Storage mechanisms: cryptography and hardware security modules 


* Enforcement mechanisms: asset and attribute binding, event capture, 
decision and logging components, stored data monitoring, rollback, 
residual information protection and destruction 





Figure 6-14. Flow control subsystem WL191.0 


Notes: 


The purpose of an information flow control subsystem in an IT solution is to enforce 
security policies by gating the flow of information within a computing solution, affecting the 
visibility of information within a computing solution, and ensuring the integrity of information 
flowing within a computing solution. 
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Instructor Notes: 

Purpose — 

The flow control subsystem is the third category. 
Details — 


The information flow control subsystem may depend upon trusted credentials and access 
control mechanisms. 


This subsystem may feed event information to the security audit subsystem, which may 
provide real time or forensic analysis of events. 


The information flow control subsystem may take corrective action based upon alert 
notification from the security audit subsystem. 


Additional Information — 
Transition Statement — 


Next subsystem. 
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Identity or Credential Subsystem 


From Common Criteria, the functional 
requirements for a credential subsystem 
should include: 


* Single-use versus multiple-use mechanisms, either cryptographic or 
non-cryptographic 


* Generation and verification of secrets 


* Identities and credentials to be used to protect security flows or 
business process flows 


* Identities and credentials to be used in protection of assets: integrity 
or non-observability 


* Identities and credentials to be used in access control: identification, 
authentication, and access control for the purpose of user-subject 
binding 


* Credentials to be used for purposes of identity in legally binding 
transactions 


* Timing and duration of identification and authentication 


* Life cycle of credentials 


* Anonymity and pseudonymity mechanisms 





Figure 6-15. Identity or credential subsystem WL191.0 


Notes: 


This subsystem refers to people, their identity and their credibility in the enterprise. 
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Instructor Notes: 

Purpose — 

The identity / credential subsystem is the fourth category. 
Details — 


The purpose of a credential subsystem in an IT solution is to generate, distribute, and 
manage the data objects that convey identity and permissions across networks and among 
the platforms, the processes, and the security subsystems within a computing solution. 


In some applications, credential systems may be required to adhere to legal criteria for 
creation and maintenance of trusted identity used within legally binding transactions. 


A credential subsystem may rely on other subsystems in order to manage the distribution, 
integrity, and accuracy of credentials. 


A credential subsystem has, potentially, a more direct link to operational business activities 
than the other security subsystems, owing to the fact that enrolment and user support are 
integral parts of the control processes it contains. 


Additional Information — 
Transition Statement — 


Next subsystem. 
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Solution Integrity Subsystem 


From Common Criteria, the focus of a 
solution integrity subsystem should 
include: 


* Integrity and reliability of resources 


* Physical protections for data objects, such as cryptographic keys, 
and physical components, such as cabling, hardware, etc. 


* Continued operations including fault tolerance, failure recovery, and 
self-testing 


* Storage mechanisms; cryptography and hardware security modules 


* Accurate time source for time measurement and time stamps 


* Prioritization of service via resource allocation or quotas 


* Functional isolation using domain separation or a reference monitor 


* Alarms and actions when physical or passive attack is detected 





Figure 6-16. Solution integrity subsystem WL191.0 


Notes: 


The purpose of the solution integrity subsystem in an IT solution is to address the 
requirement for reliable and correct operation of a computing solution in support of meeting 
the legal and technical standard for its processes. 
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Instructor Notes: 

Purpose — 

The solution integrity subsystem is the fifth category. 
Details — 


A solution integrity subsystem can be a discrete set of components or a coordinated set of 
mechanisms among the several components in the solution. 


The solution integrity subsystem may rely upon the audit subsystem to provide real-time 
review and alert of attacks, outages, or degraded operations, or after the fact reporting in 
support of capacity and performance analysis. 


The solution integrity subsystem may also rely upon the other subsystems to control 
access and flow. 


Additional Information — 
Transition Statement — 


Now we have identified our subsystems. We may have added one specific for the 
enterprise that we are dealing with. In all cases let's go to the creation of the policies. 
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Creating Subsystem Policies 


Each security theme regrouping requirements 
must have corresponding subsystem policies 
and metrics: 


[Diagram labels: Security audit, Audit policy, metrics; Access policy, metrics; 
Identity / credentials, Identity policy, Identity metrics; Solution integrity, 
Integrity policy, Integrity metrics; Risk profile] 


Figure 6-17. Creating subsystem policies WL191.0 














Notes: 


In the previous slides we have made the inventory of all risks associated with five 
subsystems. 


We may have added one subsystem to cover a particular risk of the enterprise, for instance 
a military installation, a hospital, etc. 


Now we are going to create associated subsystem policies. 
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Instructor Notes: 

Purpose — 

Creating subsystem policies which match identified risks in subsystems. 
Details — 


In each subsystem we have created a list of identified requirements associated with risks. It is 
not sufficient to say "a risk exists there", as one would say "a tree is bent over the street". 


We must say how to avoid the risk. That is creating a policy. 


One policy must exist for every risk in every subsystem, but only one. Duplication would 
increase the cost estimate in one domain, leading to bad decisions. 


Then we need to size the importance of every risk for the enterprise. 
Additional Information — 


Transition Statement — 


Creating policies for the audit subsystem. 
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Audit Subsystem Policies 


The following policies match the audit 
subsystem requirements: 


* Method of collecting security audit data: capture, trust, chronology. 


* Method of protection of security audit data: time stamps, signing events, 
storage integrity. 


* Method of analysis of security audit data: review, anomaly detection, 
violation analysis, attack analysis. 


* Method of alarm triggering and detection: loss thresholds, warning 
conditions, critical events. 


Note: This list must be used as a basis to build the list appropriate to 
the particular situation. 





Figure 6-18. Audit subsystem policies WL191.0 


Notes: 


The policies listed here match the audit subsystem requirements that we have built earlier. 
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Instructor Notes: 

Purpose — 

Build the policies associated to the subsystem's requirements. 
Details — 


Creating policies consists of determining the methods by which risks are prevented. 


Every requirement must have a corresponding policy. 


Every policy must have a corresponding value of importance. 


Additional Information — 


Transition Statement — 


Let's do the same for the Access subsystem. 
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Access Subsystem Policies 


The following policies match the access 
subsystem requirements: 


* Method of enabling access. 

* Method of monitoring and enforcement. 

* Method of identification and authentication. 

* Method of authorization: attributes, privileges, permissions. 

* Method of access control. 

* Method of enforcement: failure handling, bypass prevention, banners, 
timing and timeout, event capture. 


Note: This list must be used as a basis to build the list appropriate to 
the particular situation. 





Figure 6-19. Access subsystem policies WL191.0 


Notes: 


The policies listed here match the access subsystem requirements that we have built 
earlier. 
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Instructor Notes: 


Purpose — 
Build the policies associated to the subsystem's requirements. 


Details — 


What has been done for the security audit subsystem must now be done for the access 
subsystem. 


Additional Information — 
Transition Statement — 


Third example: the Flow control subsystem policies. 
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Flow Control Subsystem Policies 


The following policies match the flow control 
subsystem requirements: 


* Method of allowing or preventing an information flow. 

* Method of monitoring and enforcement. 

* Method of performing transfer services and controlling environments. 

* Method of blocking cryptography (encryption). 

* Method of securing storage. 

* Method of enforcement. 


Note: This list must be used as a basis to build the list appropriate 
to the particular situation. 





Figure 6-20. Flow control subsystem policies WL191.0 


Notes: 


The policies listed here match the flow control subsystem requirements that we have built 
earlier. 
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Instructor Notes: 

Purpose — 

Build the policies associated to the subsystem's requirements. 
Details — 


This third example shows that the method of policy creation is very similar from one 
subsystem to another one, including the case of a specific subsystem defined to cover a 
particular situation. 


Additional Information — 
Transition Statement — 


Last example: the Solution integrity subsystem. 
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Solution Integrity Subsystem Policies 


The following policies match the solution 
integrity subsystem requirements (non-exhaustive): 


* Method of checking integrity and reliability of resources. 

* Method of physical protections for data objects and physical 
components. 

* Method of ensuring continued operations: fault tolerance, failure 
recovery, self-testing. 

* Method of protecting storage. 

* Method of providing accurate time source. 

* Method of prioritizing service. 

* Method of achieving functional isolation. 

* Method of triggering alarms and actions against physical or passive 
attack. 





Figure 6-21. Solution integrity subsystem policies WL191.0 


Notes: 


The policies listed here match the solution integrity subsystem requirements that we have 
built earlier. 
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Instructor Notes: 

Purpose — 

Build the policies associated to the subsystem's requirements. 
Details — 


You should now be totally operational in the creation of policies. 


Don't forget to assign them a value regarding their importance for the enterprise. The 
measurement system is not important, but it is important to use the same one for all the policies 
in order to be in a position to build a valid business justification. 


Additional Information — 
Transition Statement — 


For what purpose have we determined the risks, created the associated policies and 
estimated their importance? 
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Ready for Security Policy Deployment 


[Diagram labels: Audit metrics, Access metrics, Identity metrics, Integrity metrics; 
Risk management profile; Business justification] 





Figure 6-22. Ready for security policy deployment WL191.0 


Notes: 


We have now determined the risks, created the associated policies and estimated their 
importance. 


We are ready to go into their implementation. 
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Instructor Notes: 

Purpose — 

Going to the policy deployment. 
Details — 


The implementation of the policies will need to enter into the enterprise process and add 
there all the methods required by the risk management that we have carried out. 


But deploying and maintaining new processes costs money. This needs to be justified in such 
a way that compromises can be determined to fit into a limited budget while implementing 
the most important policies first. 


The risk management profile helps to determine the cost, establish the timing and present the 
business justification to the money holders. 


Additional Information — 
Transition Statement — 


The deployment is covered by the next unit. Let's review the risk management through the 
summary. 
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Summary 


Enterprise Security Requirements 
Risk Management Process 
Security management conditions 
Security evaluation criteria 
Common criteria requirements 
Common Criteria Documentation 
Designing a secure solution 
Common criteria simplified model 
Security audit subsystem 
Access control subsystem 
Flow control subsystem 
Identity or credential subsystem 
Solution integrity subsystem 
Creating subsystem policies 
Audit subsystem policies 
Access subsystem policies 
Flow control subsystem policies 
Solution integrity subsystem policies 
Ready for security policy deployment 





Figure 6-23. Summary WL191.0 


Notes: 


What this unit has covered. 
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Instructor Notes: 

Purpose — 

Unit summary. 

Details — 

This slide is a copy of the slide 3: Contents. 

Additional Information — 

Transition Statement — 

The deployment will need significant effort. Let's take a break before starting unit 7. 
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Unit 7. The security policy deployment 


What This Unit Is About 


This unit explains how to seamlessly integrate security policies into the 
enterprise processes. 


What You Should Be Able to Do 


After completing this unit, you should be able to: 


* Establish the cost, schedule, and business justifications for 
deployment of the security policies. 
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Welcome to: 





WL19 
Wireless End to End Security 


Unit 7: The security policy deployment 








Figure 7-1. WL19 WL191.0 


Notes: 


WL19 unit 6 has prepared the list of policies in the various domains and sized their value. 
Unit 7 will now do the work of establishing and documenting the cost, the timing and 
the business justification. 
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Instructor Notes: 

Purpose — 

Deployment of the security policies. 
Details — 


After establishing the domains of the policies that condition the risk management, the 
deployment can be defined in terms of cost, timing and business justification. 


This unit defines the elements of evaluation, including the consideration of variants. It 
explains how to document the results with the objective of making them challengeable and 
on an equal footing with the other evaluations. 


This is important because the Risk management is a permanent task in an evolving world. 
At least the measurement must be kept constant. 


Additional Information — 
Transition Statement — 


Next slide introduces the objectives of this unit. 
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Objectives 
After completing this unit, you should be able to: 


* Establish the cost, schedule, and business justifications 
for deployment of the security policies. 








Figure 7-2. Objectives WL191.0 
Notes: 
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Instructor Notes: 
Purpose — 
Objectives. 

Details — 


After completing this unit, you should be able to: 


Establish the cost, schedule, and business justifications for deployment of the security 
policies. 


Additional Information — 
Transition Statement — 
Next slide lists the contents of this unit. 
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Contents 


Risk Management integration cost 
Company security domains 
Common criteria requirements 
Value estimate 
Audit subsystem policy values 
Access control subsystem policy values 
Other subsystems policy values 
User variants 
Device variants 
Output documents 
Risk Management document 
Business justification document 





Figure 7-3. Contents WL191.0 


Notes: 


This slide is a list corresponding to the next slides that cover the objectives of this unit. 
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Instructor Notes: 

Purpose — 

Contents 

Details — 

This is the table of contents of this unit. It is duplicated at the end as a summary. 
Additional Information — 

Transition Statement — 


Let's go to the first topic. 
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Risk Management integration cost 







[Diagram: risk management loop: Risk Analysis, Security Policies, Administration] 


Once the risk is identified and the policies determined ... 


* Establish the cost of the integration in the enterprise process. 

* Build a schedule for the implementation. 

* Create a business justification / eventually challenge the target trust 
level. 





Figure 7-4. Risk Management integration cost WL191.0 


Notes: 


After determining the policies, their implementation is the next step in the risk management 
loop. 
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Instructor Notes: 

Purpose — 

Positioning the implementation in the risk management loop. 
Details — 


This slide recalls the risk management process, which starts with risk analysis and forms a 
loop. 


The risks and their requirements have been identified, corresponding policies have been 
built, the next step is the implementation. 


Remember that the implementation is always a compromise between the cost of the 
deployment and the cost of the exposure. 


Then we need to estimate the cost and the schedule. With those elements we are in 
a position to present the business justification. 


Additional Information — 
Transition Statement — 


How about the domains of the company? 
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Company security domains 


Information security is part of the complete enterprise security. 


* Interactions with other company domains must be considered. 


* Each considered domain must be clearly identified as referred to in the 
enterprise process. 


* Estimation of policy implementation costs must be consistent with 
other estimations done by any other person in the other domains. 


[Diagram: Interactions between domains: Subcontractors, Datacenter, Mobile users] 








Figure 7-5. Company security domains WL191.0 


Notes: 


Information security is part of the complete enterprise security. 

Instructor Notes: 

Purpose — 

Security domains in a company. 
Details — 


To build the security of a company, it is necessary to proceed domain by domain. As companies are all different, the split into domains differs, but it starts from a common basis: infrastructure, data centre, intranet, etc. 


Additional Information — 


Transition Statement — 
How we use policies to determine the cost of the implementation. 

Common criteria requirements 

The Common criteria, aggregated in security themes, have been used to determine the Risk management profile. They are now used to determine the cost: 

Figure 7-6. Common criteria requirements WL191.0 











Notes: 


How we have established policies in subsystems, and how we determine their cost. 

Instructor Notes: 

Purpose — 

Using policies and their value to determine the cost. 
Details — 


The different security subsystems have allowed us to build a set of policies, assign them a 
value for the enterprise, and choose the appropriate methods to properly address the 
problem. 


The methods are chosen according to their efficiency and their price, compared with the cost of the risk associated with its importance for the company. 


Additional Information — 
Transition Statement — 


Value estimate. 

Value estimate 

Each policy has to be evaluated to determine the importance of the associated risk. 

This will determine the importance of the corresponding protection. 

Figure 7-7. Value estimate WL191.0 





Notes: 


Each policy has to be evaluated to determine the importance of the associated risk. 

Instructor Notes: 

Purpose — 

Using policies and their value to determine the cost. 

Details — 

This slide illustrates the scaling of the importance of the policy and its associated method. 


A method that addresses a valuable policy will cost more than a simple protection needed to cover a minor risk. 

This allows building security solutions in relation to each individual situation. 
Once the solution is defined, the cost of its implementation is easily estimated. 
Additional Information — 


Transition Statement — 
An example of scaled protections follows. 

Audit subsystem policy values 

Policy values estimated for the Audit subsystem. 
This will determine the importance of the corresponding protection. 

Audit policy element               | Low impact               | Critical                            | Blocking the business
[illegible] audit data             | [not recoverable]        | [not recoverable]                   | [not recoverable]
[illegible] audit data             | [not recoverable]        | [not recoverable]                   | [not recoverable]
[illegible] of security audit data | Daily report by operator | Immediate analysis                  | High priority process to administrator
[illegible]                        | Operator notified        | Operator and administrator notified | High priority process to administrator

Figure 7-8. Audit subsystem policy values WL191.0 


Notes: 


Here is the example of a sizing, applied to the audit subsystem. 

Instructor Notes: 

Purpose — 

Sizing the values of the audit subsystem policy. 
Details — 


In this example, we retrieve the methods corresponding to the policies that we have 
determined earlier. 


If their importance is low for the enterprise, we give them the value "no impact". 


As we can see, the collection of security audit data will generate a single record if this information has a really low value, but the record will be more secure and read-only if its loss is more critical. This removes the possibility of modification by some personnel, but needs a more robust infrastructure. Finally, the data will be seriously protected if its loss blocks the business. This requires a backup and a secured recording, which are obviously more expensive than a single record. 


Additional Information — 
Transition Statement — 


Another example with access control. 





© Copyright IBM Corp. 2003 Unit 7. The security policy deployment 7-17 


Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 


Instructor Guide 





Access control subsystem policy values 


Policy values estimated for Access control. 
This will determine the importance of the corresponding protection. 


Audit policy element              | Low impact              | Critical                    | Blocking the business
Enablement                        | Self-registration       | Controlled registration     | Secure registration, strong identification
Monitoring and enforcement        | Simple record           | Read only, signed           | Signed, encrypted, restricted access
Identification and authentication | Single mechanism        | Controlled authentication   | Secured authentication process
Authorization                     | [illegible]             | Limited and controlled list | Restricted and secured
Access                            | Simple access mechanism | Two systems                 | Strong authentication and locking

Enforcement: Notify operator; High priority process to administrator [only two of the three cells survive; their columns are not recoverable]








Figure 7-9. Access control subsystem policy values WL191.0 


Notes: 


This example addresses a different domain, to determine the importance of the associated risk. 

Instructor Notes: 

Purpose — 

Sizing the values of the audit subsystem policy. 
Details — 


This table is similar to the previous one. Let's look at one line: access. 


If the enterprise sells free newspapers, access to the editor's room is not of a nature to jeopardize the intellectual capital, and so represents a low risk. Protection is required anyway, but a single mechanism is sufficient. 

If the company develops computer accessories, the information that it contains represents months of investment and exposes the enterprise if it is lost. Then we will protect the access with two independent systems. This may be a badge and a code. 

If the protection is related to the locker of a bank, then a robust door is associated with a secured mechanism and a strong authentication system. The cost is obviously much higher than a single door with a key. 


Additional Information — 
Transition Statement — 


General process to assign values. 










Other subsystems policy values 


Policy value estimate for information flow control, identity / credentials, solution integrity: 

The two previous models are examples. Determine the appropriate level of importance, position each policy action in the column where it is the best suited, using the enterprise process as reference to determine if the corresponding action is critical or not. 

Audit policy element | Low impact        | Critical           | Blocking the business
Policy [illegible]   | [not recoverable] | Medium cost action | High level action
Policy [illegible]   | [not recoverable] | Medium cost action | High level action
Policy [illegible]   | [not recoverable] | Medium cost action | High level action








Figure 7-10. Other subsystems policy values WL191.0 


Notes: 


This slide generalizes the value estimate. Note that classification in three columns is not the only possibility. We can decide on five values, or even ten. 

Instructor Notes: 

Purpose — 

Sizing the values of the subsystem policy in general. 
Details — 


We recognize here the two examples, except that the terms are generalized to apply to any 
kind of policy sizing. 


Three, four, five columns, or even more, can be used, but the rationale is to keep this number small. 


Additional Information — 
Transition Statement — 


User's considerations. 

User variants 

User mobility and Server oriented organizations need to consider the user and its variances: 

Figure 7-11. User variants WL191.0 


Notes: 


The personnel represents a domain for the enterprise. Its conditions of work generate various levels of risks. 

Instructor Notes: 

Purpose — 

Risks associated with an employee and his working conditions. 
Details — 

Is the employee mobile? 

Depending on the level of his mobility, the risk is more or less important, reaching the maximum level if he is meeting external persons in hostile environments. 


We can also consider how he processes his data, how he connects to the enterprise 
network, if he uses servers, and where they are located, etc. 


All those elements determine the value associated to the protections of information 
handled by the personnel. 


Additional Information — 
Transition Statement — 


Considerations of user devices. 










Device variants 


The computing power now available on portable computers, associated with the variety of operating systems, makes it necessary to consider the variances of the devices: 

Figure 7-12. Device variants WL191.0 


Notes: 


Just as employees generate specific security situations, the devices and their operating systems also create variances that generate security issues. 

Instructor Notes: 

Purpose — 

Risks associated with various user devices and their operating systems. 
Details — 

A traditional office with a computer used as a terminal is becoming an increasingly obsolete picture. 

Computers are now portable: laptops, pocket PCs, tablet PCs, PDAs are the new generation of computers. They modify the topology of the enterprise, and so create new security situations. 

Those systems can use different operating systems for various reasons: the technological choice made by their manufacturer, their size and related OS capability, etc. Each operating system has its share of exposures. 


Programmability also introduces security concerns. 


Finally, the security features themselves are generally optional and by default NOT 
ACTIVATED. A good example is given by the WEP encryption used by the 802.11 wireless 
LAN standard. 


Additional Information — 
Transition Statement — 


No activity is finished until the paperwork is done. 

Output documents 

Actions taken from a Risk management will be a compromise between the « ideally protected enterprise » and the absence of protection. 

A Risk management document will contain all relevant information about the risk evaluations: 

* Identified risks 
* Corresponding policies 
* Estimated values 

A Business justification document will expose the elements of decision and allow a discussion to take place to challenge the estimations. 

* Identified domains 
* Comparisons with other domains 
* Estimated values 

The schedule depends on the customer. This document is not covered by the present instruction. 

Figure 7-13. Output documents WL191.0 


Notes: 


Actions taken from a Risk management action will be a compromise between the "ideally protected enterprise" and the absence of protection. 

The risk management is also a permanent loop periodically repeating the same actions to consider new elements. 

Documents are necessary to make the risk management action reproducible. 

Instructor Notes: 

Purpose — 

Explain the purpose of the output documents. 
Details — 


Because the risk management must be a periodic process, it is important that every option, every decision, every estimation be repeatable, independently of which person is performing the work. 

A document must contain all the necessary information to be able to repeat the process on the same basis: the "risk management document". 

A risk management action will also result in a cost decision. For this reason a business justification has to be built. This justification would optimally be provided through a presentation, containing enough details for agreeing on a business value: the "business justification document". 

These two documents would ideally be updated and reused at each new risk management action. 


Additional Information — 
Transition Statement — 
What will be contained in the risk management document? 

Risk Management document (1/6) 

First of all, indicate the location and the environmental conditions. 

* Name of the enterprise 
* Site location and sites covered 
* Date and triggering event (why this Risk Management is decided) 
* Scope of the Risk Management 
* Context of the Risk Management (part of a global R.M. for instance) 
* Identified domains covered by this Risk Management (list) 
* Identified interactions (list) 
* Interface person(s) in the enterprise for this Risk Management 
* Other involved persons in the enterprise (Process, other domains, etc) 
* Reference of the enterprise process, affected parts. 

Figure 7-14. Risk Management document (1/6) WL191.0 


Notes: 


First of all, indicate the location and the environmental conditions. 

Instructor Notes: 

Purpose — 

Explain the contents of the output documents. 

Details — 

Of course, the risk management document must describe what it applies to. 

The enterprise must be identified, along with the site and other useful elements related to the location and the environment. 


Additional Information — 
Transition Statement — 


Continue with the contents of the risk management document? 

Risk Management document (2/6) 

Identify the domains covered by this Risk Management. 

* Infrastructure 
* Datacenter 
* Production unit(s) 
* Subcontractors 
* Mobile users 
* Intranet 
* Providers 
* Other site(s) 

Figure 7-15. Risk Management document (2/6) WL191.0 


Notes: 


Then, identify the domains covered by this risk Management. 

Instructor Notes: 

Purpose — 

Explain the contents of the output documents. 
Details — 


This risk management action has defined its boundary in the enterprise as domains of 
application. 


These domains must be clearly indicated in the risk management document. It may happen 
that other domains are defined by other similar actions, and that they interact with the 
action that we are performing. 


Additional Information — 

What the instructor can read to ask additional questions or to better understand the subject 
Transition Statement — 

Continue with the contents of the risk management document? 

Risk Management document (3/6) 

Document the requirements per category of security theme 

* Criteria for security audit 
* Criteria for access control 
* Criteria for information flow control 
* Criteria for identity / credentials 
* Criteria for Solution integrity 

Specific criteria defined according to the enterprise business 

Figure 7-16. Risk Management document (3/6) WL191.0 


Notes: 


Now, document the requirements per category of security theme. 

Instructor Notes: 

Purpose — 

Explain the contents of the output documents. 
Details — 


Going into the details, we now document the security themes as they appear in each category, defined as subsystems. 


Do not forget to carefully document the specific criteria resulting from particularities of the 
enterprise. 


Additional Information — 
Transition Statement — 
Continue with the contents of the risk management document? 

Risk Management document (4/6) 

Document the policies per category of security theme 

* Policies for security audit 
* Policies for access control 
* Policies for information flow control 
* Policies for identity / credentials 
* Policies for Solution integrity 

Policies related to specific criteria defined according to the enterprise business 

Figure 7-17. Risk Management document (4/6) WL191.0 


Notes: 


After documenting the requirements, we document the policies. 

Instructor Notes: 

Purpose — 

Explain the contents of the output documents. 

Details — 

The policies are the methods that are assumed to fulfil the requirements. 


One requirement corresponds to one policy, so these pages of the risk management 
document must match the pages where the requirements are documented. 


Additional Information — 
Transition Statement — 
Continue with the contents of the risk management document? 

Risk Management document (5/6) 

Document the estimated values assigned to the policies 

* Values assigned to policies for security audit 
* Values assigned to policies for access control 
* Values assigned to policies for information flow control 
* Values assigned to policies for identity / credentials 
* Values assigned to policies for Solution integrity 

Values assigned to policies related to specific criteria defined according to the enterprise business 

Figure 7-18. Risk Management document (5/6) WL191.0 


Notes: 


Once the policies are documented, how about their importance? 

Instructor Notes: 

Purpose — 

Explain the contents of the output documents. 

Details — 

Again there must be a correspondence between the policies and their estimated importance. 

This part will probably be the most challenged. It is important that the documentation of the rationale be precise. 


Additional Information — 
Transition Statement — 
Continue with the contents of the risk management document? 

Risk Management document (6/6) 

Summarize the elements. Produce output documents and recommendations. 

* Build the resulting cost figures 
* Establish an operational implementation timing 
* Summarize the business justification, detailed in a specific document 
* Make a recommendation, containing scalable implementations 

Figure 7-19. Risk Management document (6/6) WL191.0 


Notes: 


This is the conclusion. What is the result? What are the recommendations? What is the cost? 

Instructor Notes: 

Purpose — 

Explain the contents of the output documents. 
Details — 


Everything is now identified, but the most important task remains: present the result in such terms that the most important protections will be installed, and most of the risks will be eliminated. 


Additional Information — 
Transition Statement — 


This completes the risk management document, but it is essential to convince the money holders that the investments in security do not represent a loss of money. 

Business justification document (1/5) 

Indicate the location and the environmental conditions. 

* Refer to the Risk management document 
* Indicate the name of the enterprise 
* Add the main identification data 
* List the covered domains and the relations with the others 

This document should generally look like a presentation, used as a basis of discussion to challenge and reposition the values estimated for the policies. 

Figure 7-20. Business justification document (1/5) WL191.0 


Notes: 


Like the risk management, the first part of the business justification document must identify the enterprise and the environment. 

Instructor Notes: 
Purpose — 
Explain the contents of the output documents. 


Details — 


The enterprise must be identified, along with the site and other useful elements related to the location and the environment. 


Additional Information — 
Transition Statement — 
Continue with the contents of the business justification document? 

Business justification document (2/5) 

Indicate the « State of the Art ». 

* Update of the threats to which an information system is exposed 
* Latest identified attacks per type 
* Known vulnerabilities of information systems 
* Most targeted domains 
* Known resolutions 
* Known unresolved attack cases 

Obviously this status is intended to prepare the audience for the need to spend money, as opposed to the exposure to losing some. 

Figure 7-21. Business justification document (2/5) WL191.0 


Notes: 


To have a chance to get some investment, start by showing to people what their enemy is. 

Instructor Notes: 

Purpose — 

Explain the contents of the output documents. 
Details — 


To convince the audience that security is not a marginal business, start by showing them the reality: the threats, the attacks, the vulnerabilities. 


The demonstration must remain general, but the enterprise must be reflected in this 
general presentation. 


Additional Information — 
Transition Statement — 
Continue with the contents of the business justification document? 

Business justification document (3/5) 

Present the requirements per category of security theme 

Do not go into details. Make reference to the main document. 
Indicate all the categories, including one specific to the enterprise. 
Document the main requirements, summarize the others. 

List the challenging items, those most subject to discussion. 

Although this presentation is summarized and refers to the Risk Management document for details, this list of requirements per category must give a thorough view of the problem within the enterprise. 

Figure 7-22. Business justification document (3/5) WL191.0 


Notes: 


Present the requirements per category of security theme 

Instructor Notes: 

Purpose — 

Explain the contents of the output documents. 
Details — 


Although the purpose of this document is different than the risk management document, 
the flow is the same. 


Now we present the requirements per category. 
Additional Information — 


Transition Statement — 
Continue with the contents of the business justification document? 

Business justification document (4/5) 

Present the Values estimated per policy and their cost 

For each category, indicate the rationale of the estimates, the related threats and the particular exposure in the context of the enterprise. Document the previous choices and their application in the present period. 

Indicate the resulting risk value, and the resulting cost. 

This part of the presentation allows cost decisions to be taken within each category, once the global cost decision is taken. 

Figure 7-23. Business justification document (4/5) WL191.0 


Notes: 


Present the Values estimated per policy and their cost 

Instructor Notes: 

Purpose — 

Explain the contents of the output documents. 
Details — 


We continue on the same logic. 


Now we document the values estimated per policy, and their cost. As we said when 
explaining the corresponding part of the risk management document, this part is the most 
controversial. It contains your estimates and the first elements of the cost. 


Be prepared to argue: "This is the cost of the protection. Here, beside it, is the cost of the risk". 
Additional Information — 


Transition Statement — 


Continue with the contents of the business justification document? 

Business justification document (5/5) 

Present the results: Cost figures, implementation timing, recommendations. 

* Cost per category 
* Resulting cost 
* Implementation timing per category 
* Resulting implementation timing, good input for a schedule 

Recommendations: Scalable implementation, including provisions for new exposures. 

Because the budget will never fit all the recommended deployment, a scalable implementation will allow the security to be improved over time, while the threats progress and change. 

Figure 7-24. Business justification document (5/5) WL191.0 


Notes: 


This is the last page, the decision maker. 

Instructor Notes: 

Purpose — 

Explain the contents of the output documents. 

Details — 

Your rationale has now been more or less accepted, corrected and finally agreed. 


The last page is the conclusion page. Show the resulting cost, a timing for the 
implementation, starting with the urgent protections, and progressively the others. 


Finally make your recommendation. 
Additional Information — 


Transition Statement — 
This terminates the unit. Just look at the summary to remember the topics. 

Summary 

Risk Management integration cost 
Company security domains 
Common criteria requirements 
Value estimate 
Audit subsystem policy values 
Access control subsystem policy values 
Other subsystems policy values 
User variants 
Device variants 
Output documents 
Risk Management document 
Business justification document 

Figure 7-25. Summary WL191.0 

Notes: 

What this unit has covered. 

Instructor Notes: 

Purpose — 

Unit summary. 

Details — 

This slide is a copy of the slide 3: Contents. 

Additional Information — 

Transition Statement — 

Stop! The traffic light is red. Take time for a break before going to Unit 8. 

Unit 8. The enterprise network and information systems surveillance 


What This Unit Is About 


This unit describes the characteristics of the tasks to be created and periodically run, to guarantee that the integrity of an enterprise information system has not been modified. 


What You Should Be Able to Do 


After completing this unit, you should be able to: 


* Add and run security monitoring of the enterprise information system 
* Perform seamless integration with already existing performance monitoring 
* Perform seamless integration with asset Management. 

Welcome to: 

WL19 
Wireless End to End Security 

Unit 8: The enterprise network and information system surveillance 

Figure 8-1. WL19 WL191.0 


Notes: 


This unit explains how to maintain a Risk management process, and how to carry out the surveillance of the implemented policies. 

Instructor Notes: 

Purpose — 

How to maintain a Risk management process. 
Details — 


A risk management process is a permanent loop. It starts by detecting threats, then defines policies, assigns them a value, guides a business decision and defines the implementation. 


Surveillance is necessary to follow the evolution of the threats and of the enterprise, but 
also to ensure that the policies are actually applied. Any deviation may jeopardize the 
complete enterprise. 


Additional Information — 
Transition Statement — 
Next slide introduces the objectives of this unit. 

Objectives 

After completing this unit, you should be able to: 

* Add and run security monitoring of the enterprise information system 
* Perform seamless integration with already existing performance monitoring 
* Perform seamless integration with asset Management. 

Figure 8-2. Objectives WL191.0 

Notes: 

Instructor Notes: 

Purpose — 

Objectives. 

Details — 

After completing this unit, you should be able to: 


* Add and run security monitoring of the enterprise information system 
* Perform seamless integration with already existing performance monitoring 
* Perform seamless integration with asset Management. 


Additional Information — 
Transition Statement — 


Next slide lists the contents of this unit. 

Contents 


Risk Management follow-on 

Wireless Security Auditor (WSA) 
Red-M’s Red-Secure software 
Symantec vulnerability assessment 1.0 
Ethical hacking 

User behavior 

Bibliography 





Figure 8-3. Contents WL191.0 


Notes: 


This slide is a list corresponding to the next slides that cover the objectives of this unit. 

Instructor Notes: 

Purpose — 

Contents 

Details — 

This is the table of contents of this unit. It is duplicated at the end as a summary. 
Additional Information — 

Transition Statement — 


Let's go to the first topic. 

Risk Management Follow-on 

[Diagram: risk management loop; legible labels: Risk Analysis, Security Policies, Implementation]

A deployment of security measures is never definitive ... 

Changes in threats and exposures. 

Changes in the enterprise. 

Changes at employee level. 

Methods are built with the objective to permit the evaluation of a risk management in an enterprise. 

Figure 8-4. Risk Management follow-on WL191.0 


Notes: 


After the implementation, administration and auditing are the next step in the risk management loop. 

Instructor Notes: 

Purpose — 

Positioning the administration and auditing in the risk management loop. 
Details — 


This slide recalls the risk management process, which starts with risk analysis and forms a loop. 

The risks and their requirements have been identified and the corresponding policies have been built; the next step is the implementation. 


The implementation is done. Actually it is updated at every cycle. 


Based upon the evolution of destructive computer codes and viruses, the repeated 
breaches of sensitive computer systems, and recurring incidents of compromise of private 
information stored on networked computing systems, it is reasonable to conclude that the 
effectiveness of security measures in computing solutions depends on the periodic review 
of the security protections. 


Additional Information — 
Internet: interesting articles on the evolution of security threats. 
Transition Statement — 


IBM proposes a wireless security auditor (WSA) 

Wireless Security Auditor (WSA) 

[Screenshot: WSA "Access points" window (menus File, Options, Help) showing one access point:]
Address: 00:40:96:27:ec:74 
BSSID: 00:40:96:27:ec:74 
SSID: "IBM" 
Name: "hawlws3se55-1" 
Data: WEP 
Auth: (none seen yet) 

Figure 8-5. Wireless Security Auditor (WSA) WL191.0 


Notes: 


WSA is an audit tool developed by IBM to audit a wireless network. 

Instructor Notes: 

Purpose — 

Explain the purpose and usages of WSA. 
Details — 


WSA is an IBM research prototype of an 802.11 wireless LAN security auditor, running on 
Linux on an iPAQ PDA. 


WSA automatically audits a wireless network for proper security configuration, to help 
network administrators close any vulnerabilities before the hackers try to break in. 


While there are other 802.11 network analyzers out there (wlandump, ethereal, Sniffer), 
these tools are aimed at protocol experts who want to capture wireless packets for detailed 
analysis. 


WSA is intended for the more general audience of network installers and administrators, 
who want a way to easily and quickly verify the security configuration of their networks, 
without having to understand any of the details of the 802.11 protocols. 


Additional Information — 
IBM Watson Research Web site.
IBM La Gaude Web site (WSA offering).


Transition Statement — 
What are the functions of WSA? 
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Wireless Security Auditor (WSA) 


WSA is an IBM research prototype of an 802.11 wireless LAN 
security auditor, running on Linux on an iPAQ PDA. 


* WSA automatically audits a wireless network for proper security
configuration.


* WSA makes it easy to quickly verify the security configuration of
wireless networks.


* WSA makes it possible to detect rogue access points, which are normally
difficult to detect with normal network monitoring tools.


* WSA allows administrators to verify that all access points are at the
desired firmware revision.


* WSA locates access points and examines their configuration and
setup.





Figure 8-6. Wireless Security Auditor (WSA) WL191.0 


Notes: 


WSA detects 802.11 access points, examines their configuration and setup, and records
their position using GPS.
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Instructor Notes: 

Purpose — 

Explain the purpose and usages of WSA. 
Details — 


WSA monitors a wireless network from the inside and from the outside. It detects all
installed 802.11 access points and examines their configuration.


It locates spies using rogue access points, and detects known access points whose
configuration is not protective.


Additional Information — 

802.11 access points, 802.11 standard. 
Transition Statement — 

What are the 802.11 management issues? 
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Wireless Security Auditor (WSA) 
802.11 Management Issues. 


* What access points are actually installed?
* Where are they?

* Are they part of the enterprise network?

* Are they permanently installed?

* Are they properly configured?

* Do they have the latest firmware?

* Are they vulnerable to WEP attacks?


* Do they use encryption?


WSA helps answer those questions.





Figure 8-7. Wireless Security Auditor (WSA) WL191.0 


Notes: 


The wireless management issues. 
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Instructor Notes: 

Purpose — 

Explain the purpose and usages of WSA. 
Details — 


It may appear strange that a network manager wonders where access points are installed
in his own network, but the reduction in cost now allows employees to buy access points
and install them for their individual convenience.


As those installations are not professionally monitored, the configuration is generally the
default configuration, in which no security feature is activated. This provides back-door
access to the enterprise.


Additional Information — 

Look for the price of 802.11 access points. 

Transition Statement — 

How WSA addresses the wireless management issues. 
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Wireless Security Auditor (WSA) 


What does WSA do ? 


* Tracks beacon packets to find all access points.

* Locates access points with their GPS coordinates.
* Determines SSID and AP name.

* Tracks probe packets, and the probe responses.

* Tracks data packets.

* Determines link encryption method.

* Tracks authentication packets.

* Determines authentication method.

* Tracks clients.


* Determines firmware versions by fingerprinting the access point's
detailed behavior.








Figure 8-8. Wireless Security Auditor (WSA) WL191.0 
Notes: 

What does WSA do? 
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Instructor Notes: 

Purpose — 

Explain the purpose and usages of WSA. 
Details — 


WSA finds, locates and identifies access points, determines authentication and encryption
methods, and analyses the data to determine the firmware.
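
As an added illustration (not WSA code, whose internals this course does not show), the Python sketch below parses raw 802.11 beacon frames for BSSID, SSID and the privacy bit, then flags access points that are missing from an authorized inventory or advertise no link encryption. The function names, the inventory and the second sample access point are constructed for the example; frames are assumed to start at the 802.11 MAC header, with no radiotap header.

```python
import struct

PRIVACY_BIT = 0x0010  # capability bit 4: link encryption (WEP on this page) required

def parse_beacon(frame):
    """Return BSSID, SSID and privacy flag of a raw 802.11 beacon, else None."""
    # First frame-control byte 0x80 = version 0, management type, beacon subtype.
    if len(frame) < 36 or frame[0] != 0x80:
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])   # address 3
    (capability,) = struct.unpack_from("<H", frame, 34)  # after timestamp, interval
    ssid, pos = None, 36
    while pos + 2 <= len(frame):                         # walk tagged elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                                        # truncated element
        if tag == 0:                                     # element ID 0 = SSID
            ssid = value.decode("utf-8", "replace")
            break
        pos += 2 + length
    encrypted = bool(capability & PRIVACY_BIT)
    return {"bssid": bssid, "ssid": ssid, "encrypted": encrypted}

def audit(frames, authorized):
    """Map each BSSID seen in beacons to (SSID, list of findings)."""
    findings = {}
    for ap in filter(None, map(parse_beacon, frames)):   # skip non-beacons
        issues = []
        if ap["bssid"] not in authorized:
            issues.append("rogue")
        if not ap["encrypted"]:
            issues.append("no-encryption")
        findings[ap["bssid"]] = (ap["ssid"], issues)
    return findings

def make_beacon(bssid, ssid, capability):
    """Build a constructed sample beacon (test data, not a real capture)."""
    addr = bytes.fromhex(bssid.replace(":", ""))
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + addr + addr + b"\x00\x00"
    fixed = bytes(8) + struct.pack("<HH", 100, capability)
    return header + fixed + bytes([0, len(ssid)]) + ssid.encode()

AUTHORIZED = {"00:40:96:27:ec:74"}                       # BSSID shown on the WSA slide
SAMPLES = [make_beacon("00:40:96:27:ec:74", "IBM", 0x0011),
           make_beacon("02:00:00:00:00:01", "default", 0x0001)]  # constructed AP

if __name__ == "__main__":
    for bssid, (ssid, issues) in audit(SAMPLES, AUTHORIZED).items():
        print(bssid, repr(ssid), ", ".join(issues) or "ok")
```

A set privacy bit only shows that some link encryption is required; deciding whether that encryption is adequate needs the further checks listed on the slide.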


Additional Information — 


Transition Statement — 
IBM is not the only company that offers audit tools.
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Red-m’s Red-secure Software 


What does it do ? 


* Detecting security breaches or potential breaches
* Applying appropriate corrective action to mitigate what's been detected
* Protecting the network by ensuring policies are actually enforced


* Integrating a CA (where required) into the definition of user or device
based policies


* Use of a single CA to generate certificates for use both in 802.11i and
other environments, such as for VPN connections


* Linking of network management activities with security related activities,
by correlating device management of Access Points (discovery,
upgrades, status, load, and other QoS related metrics) with the
enforcement of security policies.





*** CA = Certification Authority
Source: Red-M
Figure 8-9. Red-M’s Red-Secure software WL191.0 
Notes: 


Red-M is a company that offers access points and software tools.
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Instructor Notes: 
Purpose — 

Audit tool proposed by Red-M. 
Details — 


The third objective shows the value of periodically reviewing how the policies are
enforced.


Additional Information — 
Red-M Web site.
Transition Statement — 
After Red-M, Symantec. 
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Symantec Vulnerability Assessment 1.0 


Symantec Vulnerability Assessment lets you: 


* Understand the state of vulnerability within your network. 


* Eliminate the guesswork in evaluating the risks from new 
vulnerabilities. 


* Learn about new vendor recommended fixes and work-arounds
from a single source.


* Avoid unplanned downtime and lost productivity. 


* Minimize the costs that are associated with security incidents. 


Source: Symantec. 





Figure 8-10. Symantec vulnerability assessment 1.0 WL191.0 


Notes: 


After IBM and Red-M, Symantec also offers a security assessment tool. 
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Instructor Notes: 

Purpose — 

Explain the purpose and usage of the Symantec vulnerability assessment program. 
Details — 


The Symantec vulnerability assessment program detects many vulnerabilities on a user's
system.


Additional Information — 


See the Symantec vulnerability assessment.pdf document, from www.symantec.com, for the
list of vulnerabilities that this program identifies.


Transition Statement — 


Continue looking at the Symantec vulnerability assessment tool.
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Symantec Vulnerability Assessment 1.0 
Host-based audits: 


Conducted on individual computers. This capability is provided 
by the SVA Provider components supplied as part of SVA. The 
advantages of host-based assessment are: 


* Greatly reduced numbers of false positive and false negative 
reports when compared with network-based products. 


* Superior scalability over network-based products. 


* Increased security over agent-less assessments that require 
administrative privileges. 


Source: Symantec. 





Figure 8-11. Symantec vulnerability assessment 1.0 WL191.0 


Notes: 


The Symantec vulnerability assessment program performs audits at host level. 
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Instructor Notes: 

Purpose — 

Explain the purpose and usage of the Symantec vulnerability assessment program. 
Details — 

Some functions of the Symantec program detect vulnerabilities at the level of the user host:

* Vulnerabilities of the operating system

* Vulnerabilities of the mail system

* Vulnerabilities of Internet Explorer


Additional Information — 
Same document as described in the associated text of slide 10. 
Transition Statement — 


Continue looking at the Symantec vulnerability assessment program.
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Symantec Vulnerability Assessment 1.0 


Network-based audits: 


Conducted from central locations on the network. The advantages
of network-based assessment are:


* Immediate vulnerability information without having to deploy
Symantec Enterprise Security Architecture (SESA) Agents.


* Immediate vulnerability information about network resources 
that cannot install SESA Agents; for example, network routers or 
firewalls. 


* Discovery of unknown computers and other resources on the 
network. 


* Ability to audit the vulnerability of computers to attacks from
inside or outside the network.


Source: Symantec. 





Figure 8-12. Symantec vulnerability assessment 1.0 WL191.0 


Notes: 


The Symantec vulnerability assessment program performs audits at network level. 
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Instructor Notes: 
Purpose — 
Explain the purpose and usage of the Symantec vulnerability assessment program. 


Details — 


This audit is run from a central location on the network and covers the pool of computers
deployed on the network in front of the firewall.


Additional Information — 
Transition Statement — 
Continue looking at the Symantec vulnerability assessment program.
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Symantec Vulnerability Assessment 1.0 


Additional features: 


* Centralized reporting and management of vulnerabilities. 


* Comprehensive "health check" of the network is available 
from a central location with a consistent, automated, 
repeatable, and on-demand system. 


* Identifies vulnerabilities in mission critical systems and 
applications, not just the operating system. 


* Scalable, three-tier architecture providing coverage for the 
entire enterprise that can extend across the Internet. 


* Authorized users can make security corrections on remote 
systems from a central location. 


Source: Symantec. 





Figure 8-13. Symantec vulnerability assessment 1.0 WL191.0 


Notes: 


Finally, the Symantec vulnerability assessment 1.0 program offers a few goodies. 
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Instructor Notes: 

Purpose — 

Explain the purpose and usage of the Symantec vulnerability assessment program. 
Details — 

Centralized management, remote corrections, etc., may be very useful functions.
Additional Information — 

Transition Statement — 


How about hackers? 
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Ethical Hacking 





Hacker: An individual who illegally gains access to an electronic system, using clever tricks. 


Ethical hacker: An employee in charge of detecting the vulnerabilities of an information system.


[Diagram labels: Public domain, Firewall, Private domain.]








Figure 8-14. Ethical hacking WL191.0 


Notes: 


In unit 1, we learned that a hacker is an individual who illegally gains access to an
electronic system, using clever tricks.
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Instructor Notes: 
Purpose — 
Explain the role of an ethical hacker. 


Details — 


Actually, an ethical hacker is not really a hacker. He attempts to use the methods of real 
hackers to verify the vulnerability of an enterprise. 


Some ethical hackers are regular IBM employees. 
Additional Information — 


Transition Statement — 


And now, how about you? 
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User Behavior 


The user is an important contributor to eliminating the vulnerabilities
of an information system:


* Be reasonably aware of the presence of threats at your level. 


* Do not propagate true or false information about viruses or
worms, but inform your security administrator.


* Do not spread doubtful documents, programs, chain letters, etc. 


* Protect your system with strong passwords: disk, operating
system, network access, etc.





Figure 8-15. User behavior WL191.0 


Notes: 


The user is not an unreachable person, allowed to do anything on his system. His 
cooperation is important regarding the protection of the enterprise. 
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Instructor Notes: 


Purpose — 
Make the user aware of his importance to the security of his enterprise.
Details — 


The user cannot afford to jeopardize the security of his enterprise. Some basic guidelines 
will help him. 


Additional Information — 


Transition Statement — 


End the course with some references to useful and interesting books, including web
sites.
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Instructor Notes: 
Purpose — 

Bibliography 

Details — 

No comment. 

Additional Information — 
Transition Statement — 


Bibliography, continued. 
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Instructor Notes: 

Purpose — 

Bibliography. 

Details — 

No comment. 

Additional Information — 

Transition Statement — 

This ends the unit. Just look at the summary to recall the topics.
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Figure 8-18. Summary WL191.0 


Notes: 


What this unit has covered. 
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Instructor Notes: 

Purpose — 

Unit summary. 

Details — 

This slide is a copy of slide 3: Contents.
Additional Information — 

Transition Statement — 

Stop! The traffic light is red. 


Thank you for attending the course. Now enjoy the risk management! 
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